Jquery load https url

Question

Jquery load https url

I have this problem. On an external website, I have a script like this:

<div id="idtest"></div> <script src="//example.com/widget.js" type="text/javascript"></script>

example.com is located at https (allow both http and https). On the server in the widget.js script, I have:

  $('#idtest').load("https://example.com/index.html")

I get this error: Mixed content: the page on the 'thepage' page was loaded via HTTPS but requested the XMLHttpRequest http://example.com/index.html 'insecure endpoint. This request is blocked; content must be transmitted via HTTPS.

I do not understand: why is the error and why is the endpoint in "http"? thanks

EDIT

Additional Information:

if in widget.js i do this:

  $('#idtest').load("./index.html")

the content is loading and everything works fine if I upload a script to my website.

If I do something like:

  x = "https://example.com" $('#idtest').load(x + "/index.html")

or

  $('#idtest').load("https://example.com/index.html")

I get an error (if I put the script on my site or on an external site). Why?

EDIT 2

Additional Information:

my site is in django

EDIT 3

In firefox I load the page in https and http. It does not work in Chrome. I see this situation in the firefox network analyzer when url is called:

302 https://example.com/index.html 200 http://example.com/index.html [mixed content]

What do they understand this situation (https to http)? Could there be a Django redirect problem?

+7

javascript jquery http https

RoverDar Jun 05 '15 at 9:57

source share

3 answers

I think this is more of a cross-domain problem.

the $ .load jquery function uses ajax to load the URL and therefore you cannot cross-call the domain if the destination URL does not implement CORS headers.

In your example, the example.com server should return a header

 Access-Control-Allow-Origin: *

You can also replace * with the domain of the page that wants to download content using AJAX.

Good blog post on how to use CORS: http://www.html5rocks.com/en/tutorials/cors/

+1

Julien bachmann Jun 09 '15 at 16:11

source share

I had this problem on the Ruby on Rails webpage and the error was to use the _url helper instead of the _path helper on the https webpage:

in view : borrar_linea_factura_url(l) : borrar_linea_factura_url(l)

ok: borrar_linea_factura_path(l)

As a repetition of what was said earlier:

Assistant

"_ url" generates /controller/action/params

"_ path" helper generates https://controller/action/params

0

Albert català 20 sept '16 at 9:41

source share

Dave alperovich · Accepted Answer · 2015-06-07T17:38:00+0000

A mixed content error occurs when:

You are trying to download secure SSL content ( https ) on an insecure ( http ) served page.

Or vice versa

You are trying to download insecure content ( http ) on an SSL protected page ( https ).

Your error message warns that your call page is loaded in unsafe mode

You did not explicitly state this, but your error indicated that your page is served without SSL . When you try to load a protected resource, it becomes a mixed mode problem of protected resources and unsafe.

If possible, you are trying to serve as a reference file in the same way

You can use your homepage in SSL ( https )
You can request a partial page in http
$ ('# idtest'). load (" http://example.com/index.html ")

or

Just as you enable it, request a partial page without a protocol. Your uploaded file will now be uploaded using the protocol used by your page.

About your specific resource:

I tried downloading:

http://example.com/index.html

and

https://example.com/index.html

The result was the same. I got a simple page with a message:

Domain example

This domain has been created for illustrative examples in documents. You can use this domain in the examples without prior approval or ask for permission.

Additional Information...

Jquery load https url

Domain example

More articles: