Reputation: 11
request has been blocked; the content must be served over HTTPS
I'm doing application with spring security and Spring MVC in back end and Angular in front end.
My problem is that I do the logged in correctly, but the problem in logged out I implemented correctly in my localhost: http://localhost:8080 worked without problem. When I change it to https:// I get this error:
Mixed Content: The page at '' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ''. This request has been blocked; the content must be served over HTTPS.
I want to know how to correct that? And how to know which url blocked by https in the browser for example chrome?
Upvotes: 1
Views: 24702
Answers (4)
Reputation: 16622
In @Jabir Minjibir's answer there is very good link to describe the error. As sum up, when your application works with httpS scheme you can't make visits to unsecure links which is http.
I got this error and fixed it like I wrote below:
Mixed Content: The page at 'https://stackblitz.com/' was loaded over HTTPS, but
requested an insecure XMLHttpRequest endpoint 'http://172.19.0.62:920/'.
This request has been blocked; the content must be served over HTTPS.
You can mask unsecure links with simple-https-proxy npm package. In my experience I was coding an angular sample on httpS://stackblitz.com and I was trying to connect to an Elasticsearch server which doesn't have a domain name. I needed to make it working with ssl but I couldn't modify it's scheme. Thus I installed a proxy which can work secure (httpS).
- I installed the npm package:
npm i -g simple-https-proxy@latest
- Then I created certificate:
simple-https-proxy --makeCerts=true
- Then I ran it
simple-https-proxy --target=http://172.19.0.62:9200 --port=9201 --rewriteBodyUrls=false
In another example:
Upvotes: 0
Reputation: 137
This happens when the server is using http (non secured). You can fix it by enforcing https for all resources in the backend. Check here for more details.
Upvotes: 1
Reputation: 11
I fixed by removing a forward slash from the end of a URL fixing everything.this is help me : GET request throws error after app implemented SSL: Mixed Content: This request has been blocked; the content must be served over HTTPS"
Upvotes: 0
Reputation: 15878
This post which gives a solution to your problem: http://www.learningthegoodstuff.com/2015/08/mixed-http-error-with-spring-security.html
All the details are explained there, basically all you have to do is add this two lines to my application.properties file:
server.tomcat.remote_ip_header=x-forwarded-for
server.tomcat.protocol_header=x-forwarded-proto
Upvotes: 4
Related Questions
- Access to XMLHttpRequest at 'https://...' from origin 'http://...' has been blocked by CORS policy(Spring Boot & Angular 7)
- "has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes" when accessing the spring boot API
- Basic GET request failed Angular and Spring
- CORS blocked Angular 7 and Spring 5
- Cross-Origin Request Blocked, with post request Angular and Spring
- AngularJS authentication with Spring Security CORS issues
- HTTP request has been blocked; the content must be served over HTTPS
- Spring Security - Simple CORS authentication error
- spring security angularjs forbidden 403
- SpringSecurity - SecurityConfiguration.java - HttpSecurity - not working