Trying to serve secure script inside flask app

Question

I am trying to serve the following script inside my flask app for a data visualization:

http://techanjs.org/techan.min.js

But when I do, I get the following:

Mixed Content: The page at 'https://www.yaddayaddayadda.org/techan' was loaded over 
HTTPS, but requested an insecure script 'http://techanjs.org/techan.min.js'. This request 
has been blocked; the content must be served over HTTPS.   

But when I change it to https like so

https://techanjs.org/techan.min.js

It fails. If I load that url into the browser it doesn't work. Is there a way I can get this to load successfully?

Answer 1

This isn't anything to do with Flask. It's correct that you need to use the same scheme for the included JS file as for the HTML, and that should be HTTPS. The problem is that the TLS (a.k.a. SSL) certificate which the site is providing is valid for *.github.com. But the domain it's loading the JS from is techanjs.org, which is definitely different. So the certificate isn't valid for that site and thus can't protect the transmission or certify the authenticity of the data served.

This is something techanjs.org will have to fix. I'd encourage you to tell them about the problem. In the meantime, do you actually need to use the .js file linked from another site? The problem will go away if you download the .js file and just serve it on your own site.