I have a React app deployed in gh-pages which is loaded over https, and it sends requests to an EC2 instance that is using http.
The problem is that the HTTP requests that the React app is doing are being changed to HTTPS requests, which are not supported by this EC2 instance, so they always fail.
Any Ideas as why this is happening?
PD:
Of course I had this error first: Mixed Content: The page at xxx was loaded over HTTPS, but requested an insecure font yyy.
But I fixed it with the following tag:
<head>
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
</head>
I know I should eventually load my EC2 instance over https, but I need a fix for now :P. Thank you guys.
Related
BASE_URL = "http://********:8091/api/v1";
I have uploaded my react-js application on netlify.com. in react js I implemented APIs.... when I hit APIs after deploying I got this error on console:
Mixed Content: The page at 'https://xyz.netlify.app/' was loaded over
HTTPS, but requested an insecure XMLHttpRequest endpoint
'http://***:8091/api/v1/categories/'. This request has been
blocked; the content must be served over HTTPS.
what is the solution to this
Unfortunately, There's no way to disable mixed content
Just Add the Below meta tag to your HTML file
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
I need to deploy a simple react app just for showcase purposes. But there is a problem when I'm trying to host it on Netlify, Vercel, Firebase and I can't use heroku. I'm getting this.
Mixed Content: The page at 'https://ip-tracker-b72ffu8s0.vercel.app/' was loaded over HTTPS, but requested an insecure resource 'http://api.ipstack.com/check?access_key=3a79079d875...'. This request has been blocked; the content must be served over HTTPS.
I would like to use https://api.ipstack.com/check instead of http://api.ipstack.com/check
but free plan do not allow me to use https.
The question is where I can deploy react-app on http? I don't care about safe connections. I just want to deploy as a demo.
I'm doing application with spring security and Spring MVC in back end and Angular in front end.
My problem is that I do the logged in correctly, but the problem in logged out I implemented correctly in my localhost: http://localhost:8080 worked without problem. When I change it to https:// I get this error:
Mixed Content: The page at '' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ''. This request has been blocked; the content must be served over HTTPS.
I want to know how to correct that? And how to know which url blocked by https in the browser for example chrome?
This post which gives a solution to your problem: http://www.learningthegoodstuff.com/2015/08/mixed-http-error-with-spring-security.html
All the details are explained there, basically all you have to do is add this two lines to my application.properties file:
server.tomcat.remote_ip_header=x-forwarded-for
server.tomcat.protocol_header=x-forwarded-proto
I fixed by removing a forward slash from the end of a URL fixing everything.this is help me : GET request throws error after app implemented SSL: Mixed Content: This request has been blocked; the content must be served over HTTPS"
This happens when the server is using http (non secured). You can fix it by enforcing https for all resources in the backend. Check here for more details.
In #Jabir Minjibir's answer there is very good link to describe the error. As sum up, when your application works with httpS scheme you can't make visits to unsecure links which is http.
I got this error and fixed it like I wrote below:
Mixed Content: The page at 'https://stackblitz.com/' was loaded over HTTPS, but
requested an insecure XMLHttpRequest endpoint 'http://172.19.0.62:920/'.
This request has been blocked; the content must be served over HTTPS.
You can mask unsecure links with simple-https-proxy npm package. In my experience I was coding an angular sample on httpS://stackblitz.com and I was trying to connect to an Elasticsearch server which doesn't have a domain name. I needed to make it working with ssl but I couldn't modify it's scheme. Thus I installed a proxy which can work secure (httpS).
I installed the npm package:
npm i -g simple-https-proxy#latest
Then I created certificate:
simple-https-proxy --makeCerts=true
Then I ran it
simple-https-proxy --target=http://172.19.0.62:9200 --port=9201 --rewriteBodyUrls=false
In another example:
Im using Bootstrap and AngularFire for my Web project. Everything ok but when I host it on Firebase.com. The layout has changed
Errors:
Mixed Content: The page at 'https://......firebaseapp.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at 'https://......firebaseapp.com/' was loaded over HTTPS, but requested an insecure script 'http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js'. This request has been blocked; the content must be served over HTTPS.
What happens with Bootstrap? Thanks in advance!
Firebase uses HTTPS to serve content. As you can see from the error, you are referring the content to be loaded over HTTP. Though this should not be happening, but it could be one of recent features of Chrome where they block, non-secure requests over a secure channel.
In order to solve it, you should change the URLs in your code to point at HTTPS versions of Bootstrap CDN.
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js
Further Read: https://support.google.com/chrome/answer/1342714?hl=en
I was having the same issue:
you just need to make the http to https
in the bootstrap link inside the code.
That will resolve the issue.
I was trying to use Prerender locally on port 3000, but phantom.js sometimes crashes and the css links gaves me many 504 http errors. I don't know how to set the links, absolute or relative? but in both ways, gaves me the same error.
My app is running on port 8000, I've added this on html file:
<meta name="fragment" content="!">
I'm using the service like this, it's the right way?
http://localhost:3000/http://127.0.0.1:8000
The CSS links causing a 504 isn't a problem. Once you proxy the requests through your webserver, it will work fine.
The correct URL to access to force the request through your middleware to the Prerender server is http://127.0.0.1:8000?_escaped_fragment_=
The middleware will then make it's own request to http://localhost:3000/http://127.0.0.1:8000 and return the page through the middleware.
As for crashing, PhantomJS can crash randomly and you don't have to worry about that when using our hosted service :)