Reputation: 463
Our intranet website has to communicate with a client .NET app. We're using an HttpListener (on http://localhost:[port]) in the client app and an iframe that refers to this URL in the page. It's working like a charm when the page is HTTP.
Problem: When the site is HTTPS, a 'Mixed content' JavaScript error is displayed in newer browsers and the request doesn't arrive at the client.
I believe this error would also occur when using an Ajax request instead of an iframe.
I also tried to bind a self-signed certificate to the listener and listen on https://localhost:[port] (which works for IE), but since Firefox has its own certificate store, it's really tough to install it there automatically (IE uses the Windows certificate store, which is easy to install there).
So, does anyone know any possibility to make a request to http://localhost:[port] when the site itself is HTTPS that works for both FF and IE?
Thanks!
Upvotes: 1
Views: 1158
Reputation: 57723
Change the iframe to:
<script>
var request = new XMLHttpRequest(); // constructor name is case-sensitive
request.open("GET", "http://localhost:[port]/?action=doStuff");
request.send();
</script>
You will also need to make some minor modifications to your app.
It needs to implement an OPTIONS method and it needs to return a cross-origin-resource-policy. This sounds a lot harder than it is; it just needs to return a reply with the Access-Control-Allow-Origin header set to *.
The response of the GET request must also have this header.
If you know all the domains that try to communicate with your app on localhost, you can change the * to a whitelist or even just a single value.
Upvotes: 1
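The listener side of the answer above, using its allowlist variant rather than `*`, as an added example that is not code from the original posts. The origin `https://intranet.example`, port 8123 and the class name are assumptions. Because a browser still delivers a simple cross-origin GET even when the response lacks CORS headers, the handler checks the `Origin` header before doing any work.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Text;

class LocalCorsListener // hypothetical class name
{
    // Assumption: the only site allowed to call the local listener.
    static readonly HashSet<string> AllowedOrigins =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "https://intranet.example" };

    static void Main()
    {
        var listener = new HttpListener();
        listener.Prefixes.Add("http://localhost:8123/"); // assumed port
        listener.Start();
        while (true)
        {
            HttpListenerContext ctx = listener.GetContext();
            Handle(ctx.Request, ctx.Response);
        }
    }
    static void Handle(HttpListenerRequest req, HttpListenerResponse res)
    {
        // Browsers attach Origin to cross-origin XHR requests; anything not on
        // the allowlist gets no CORS headers and no action is performed for it.
        string origin = req.Headers["Origin"];
        bool allowed = origin != null && AllowedOrigins.Contains(origin);
        if (allowed)
        {
            res.AddHeader("Access-Control-Allow-Origin", origin); // echo the one allowed origin
            res.AddHeader("Vary", "Origin");
        }
        if (req.HttpMethod == "OPTIONS")
        {
            // Preflight reply: headers only, no body.
            if (allowed) res.AddHeader("Access-Control-Allow-Methods", "GET");
            res.StatusCode = allowed ? 204 : 403;
        }
        else if (req.HttpMethod == "GET" && allowed)
        {
            byte[] body = Encoding.UTF8.GetBytes("ok"); // the app's real work goes here
            res.ContentLength64 = body.Length;
            res.OutputStream.Write(body, 0, body.Length);
        }
        else res.StatusCode = 403; // unknown origin or unsupported method
        res.Close();
    }
}
```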