link requested an insecure XMLHttpRequest endpoint

Question

I am pretty new to SSL / https but finally managed to create one for my website

https://thaihome.co.uk

Now the problem is this strange error:

app.7e27c5b6c47cfaa5a0da.js:70 error occured for getting the country from: http://freegeoip.net/json/ {data: null, status: -1, config: {…}, statusText: "", headers: ƒ}
app.7e27c5b6c47cfaa5a0da.js:70 Mixed Content: The page at 'https://thaihome.co.uk/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://freegeoip.net/json/'. This request has been blocked; the content must be served over HTTPS.

And its spitting out the error so fast that the browser almost dies.

What does this mean? and what can I do about fixing it?

Quentin · Accepted Answer

The error message explains it pretty clearly and tells you exactly what you need to do to fix it.

Mixed Content

You are mixing content (from HTTPS and HTTP).

The page at 'https://thaihome.co.uk/'

This is your page.

was loaded over HTTPS

You said you set it up for HTTPS. It is HTTPS now.

but requested an insecure XMLHttpRequest endpoint 'http://freegeoip.net/json/'.

And you have some JavaScript which is making an HTTP request using the XMLHttpRequest object.

The URL you are requesting is http://freegeoip.net/json/ which isn't secure. i.e. it uses HTTP not HTTPS. You can tell because it starts http:.

This request has been blocked;

Because it is insecure, it has been blocked. Otherwise it would inject insecure content into an otherwise secure page. The page wouldn't be secure any more.

the content must be served over HTTPS.

You need to load it over HTTPS so it is secure before you can load it from your HTTPS page.

link requested an insecure XMLHttpRequest endpoint

Answers (2)

Related Questions