Clever Geek Handbook

AJAX using HTTP instead of HTTPS

My AJAX request is using HTTP even though the request is being made on the page using HTTPS. Any idea why this is downgrading to HTTP?

Here's my AJAX request:

$(function() {

  // Update section options whne course is changed
  $('#id_new_course').change(function() {

    // Get selected coursenum
    var val = $(this).val();
    var sect_input = $('#id_section');

    // Disable #id_section when no course is selected
    if (val == '') {
      sect_input.empty();
      sect_input.prop('disabled', true);
    } else {
      // Get list of sections for selected course and update #id_section options
      $.ajax({
        url: '/account/support_dashboard.get_course_sections/' + val + '/',
        dataType: 'json',
        success: function(data) {
          // Empty options and add new ones to #id_section
          sect_input.empty();
          $.each(data, function(value, key) {
            sect_input.append($('<option></option>').attr('value', value).text(key));
          });
          sect_input.prop('disabled', false);
        },
        error: function() {
          console.log('ERROR OCCURRED TRY AGAIN');
        }
      });//ajax
    }//if

  });

}); //ready

Here's the error output in my web console:

Mixed Content: The page at 'https://www.myeducator.com/account/support_dashboard/1027/993532704604577793/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://www.myeducator.com/account/support_dashboard.get_course_sections/915ba/'. This request has been blocked; the content must be served over HTTPS.

The javascript file is loaded over HTTPS:

Request Over HTTPS

Also, the actual ajax request comes out as HTTPS:

AJAX Request over HTTPS

I also don't think it has anything to do with my webserver (nginx). I only have one rewrite command that redirects any raw subdomains to www.myeducator.com using the same request scheme:

server {
  listen 443 default_server ssl;
  server_name _;

  ...

  # the rewrite string
  rewrite ^ $scheme://www.myeducator.com$request_uri redirect;
}
+3


source to share


1 answer


I had a similar problem, very cryptic ...

Mixed Content: The page at 'https://domain.com/blah.json' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://domain.com'. This request has been blocked; the content must be served over HTTPS.


It turned out that the .json was not configured in MIME types in IIS. After adding the .json extension, everything worked as it should.

Edit: my suspicion will be your endpoint. "dashboard.get_course_sections" has a point that makes your server treat it as a resource so that it won't support it.

0


source






More articles:


All Articles