HTTP request to an API has been blocked from an HTTPS website

htaccess https http web-services

7,707

As a work around, I am proxying the web service:

My SSL Hosting (Angular Project + Newly created proxy web service)
AWS (Old Web service + MySql Database)

From angularJS i call newly created proxy (that just uses cURL). This cURL code passes request to AWS server over HTTP.

7,707

Related videos on Youtube

Author by

Paresh Gami

Updated on September 18, 2022

Comments

Paresh Gami over 1 year
I am facing problem to call web service which is hosted over HTTP and I am calling web service from HTTPS domain.

web service's .htaccess
```
RewriteEngine On 
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteRule ^(.*)$ %{ENV:BASE}index.php [QSA,L]
```
I got following error in console when I am trying to calling web.

angular.min.js:93 Mixed Content: The page at https://www.<my-domain.com>/#/ was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint http://<api url goes here>. This request has been blocked; the content must be served over HTTPS.

Note

Web service is hosted in AWS server which is HTTP only and my website is hosted to other hosting provider.
- Admin about 8 years
  
  Well, it's fairly simple. You aren't allowed to load http in an https website. If that hoster cant go implement SSL, go to another hoster :)
- Admin about 8 years
  
  Because all internal and external resources such as JavaScripts, Images, CSS etc MUST to be loaded over HTTPS...
- Admin about 8 years
  
  it is not possible using htaccess or from anything?
- Admin about 8 years
  
  Absolutely not possible... your site is either SSL or its not... everything must be HTTPS in order for SSL to be secure.
Stephen Ostermiller about 8 years

While this makes it work, it introduces a security hole. The API data can be modified in transit over HTTP. Your website will then display hacked data. This is known as a "mixed content vulnerability". Here is an article that explains why this type of vulnerability is serious: whitehatsec.com/blog/why-is-passive-mixed-content-so-serious

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?

How to troubleshoot crashes detected by Google Play Store for Flutter app

Cupertino DateTime picker interfering with scroll behaviour

Why does awk -F work for most letters, but not for the letter "t"?

Flutter change focus color and icon color but not works

How to print and connect to printer using flutter desktop via usb?

Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0

Flutter Dart - get localized country name from country code

navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage

Android Sdk manager not found- Flutter doctor error

Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)

How to change the color of ElevatedButton when entering text in TextField

Related

How to redirect HTTPS to HTTP behind proxy (CloudFlare)

HTTP request has been blocked; the content must be served over HTTPS

handshakeexception handshake error in client (os error wrong_version_number tls_record cc 242) Flutter app/Node server

Is it possible to allow mixed content in Flutter WebView

SocketException: Failed host lookup: 'methods.abc.com' (OS Error: No address associated with hostname, errno = 7), StackTrace :

Handshake error in client (OS Error: TLSV1_ALERT_PROTOCOL_VERSION(tls_record.cc:586) in flutter app when trying to do a post/get request

Flutter : By default, Android Pie will request that apps use HTTPS no HTTP request

How to make a plain text http (not https) request from Flutter

How to test https rest webservice in postman

SOAP: HTTP Bad Request