CODEWITHSUNDEEP
htmlcssherokuhttpscdn
padawanTony
padawanTony

Reputation: 1359

net::ERR_INSECURE_RESPONSE with CDN

I have deployed an app on heroku but the css is not working.

I am using the w3.css framework and I am importing it like this: <link rel="stylesheet" href="//www.w3schools.com/lib/w3.css">

The error I am getting is: GET https://www.w3schools.com/lib/w3.css net::ERR_INSECURE_RESPONSE

I am pretty sure that it is related to the certificate of the site.

But even when I manually accept the "invalid" certificate in the site, I get a 404 error.

Also, from what I see, w3.css only offers its CDN through http: http://www.w3schools.com/lib/w3.css not https: www.w3schools.com/lib/w3.css

So, I just wanted to confirm that this is actually the case and that it is not my fault (not knowing how to load sth over https!)

Finally, it's not a Chrome error (from what I've read around in SO). Firefox doesn't work either.

UPDATE

Just to inform that, as expected, the error was resolved when I downloaded the w3css framework and linked to it locally.

Upvotes: 0

Views: 1404

Answers (2)

MikeBoss
MikeBoss

Reputation: 385

Modifying the response to make it more accurate...

A couple of issues here:

First. Beware that this file is not available via HTTPS as it returns a 404 error. To download the file, you can add the http:// protocol to the URI to use HTTP instead of HTTPS.

Secondly and most importantly what will stop you from linking the library from your webpage; this library is not available to be embedded publicly. The web server is not responding with the appropriate CORS headers. In this case the Access-Control-Allow-Origin: * header is missing in the response:

< HTTP/1.1 200 OK
< Cache-Control: public,max-age=3600,public
< Content-Type: text/css
< Date: Mon, 29 Aug 2016 01:27:41 GMT
< Etag: "6213abc99edd11:0+ident"
< Last-Modified: Wed, 03 Aug 2016 15:14:31 GMT
< Server: ECS (sea/55DD)
< Vary: Accept-Encoding
< X-Cache: HIT
< X-Powered-By: ASP.NET
< Content-Length: 28929

Your best bet is to download the file and link it locally from your own server.

Upvotes: 0

CodyA
CodyA

Reputation: 429

As you said, it looks like this is simply related to the certificate of the site (or lack thereof). This is why you are receiving a 404 when you accept the invalid certificate because the https:// version of the site does not exist.

If you still want to deliver the asset from a CDN, you could either put the file on your origin server and accelerate it via the CDN or store it directly on the CDN's storage cloud (if applicable). Here is a good list comparing various CDN providers http://cdncomparison.com/

Upvotes: 1

Related Questions