The page was uploaded through HTTPS, but requested an insecure XMLHttpRequest endpoint

Question

The page was uploaded through HTTPS, but requested an insecure XMLHttpRequest endpoint

Navigation

#1 by (2 votes)

1

I'm calling a Resting Application API implemented from Https to Http Rest API. I wrote the logic in VueJs. The web service call failed with the message below.

vue-resource.js: 1091 Mixed Content: The page at ' link ' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ' link '. This request has been blocked; the content must be served over HTTPS. (anonymous) @ vue-resource.js: 1091

via HTTPS requests from my HTTPS application - there is no other workaround for this and the mixing protocols can also put the application's security at risk, but I'd still be able to run my application on the web server, all because of this line of code below

 created: function() {
    var self = this;
    self.$http.get('http://api.promasters.net.br/cotacao/v1/valores').then(function(response) {
      self.bancodedados = response.body;
    });
  },

How could I do to fix this?

I'm loading a dollar quote table by getting the information from a HTTP URL in the form of json

html5

asked by anonymous 20.03.2018 / 12:41

1 answer

My software in C # with SQLEXPRESS database LocalDB does not open on another PC, even installing all dependencies Block access to subfolders in the URL (WordPress) from the 403 forbidden

score 2 · Accepted Answer

This happens because you are making your page available via HTTPS over a secure connection, but in your javascript you are making requests to an address without this protection, which in this case is the request for http://api.promasters.net.br . As a result you have the warning or error message (if the browser blocks the request).

In the case of blocking you will lose features because you can not bring the desired content to the user. If the browser only displays a warning, the lock symbol will be displayed differently to indicate to the user that although he has requested a secure connection to his website through https , there are requests being made without this level of protection, your site is not as secure and may be exposing you to some vulnerability.

Mixed-type responses do not occur just because of javascript accessing unprotected resources, they will also occur if you try to load even static content such as fonts, images, css sheets, and other javascript files.

In order to avoid weakening https, you should always use urls https:// when specifying external references or simply '//' that will maintain the initial request protocol.

More information:

What is mixed content ?