6

I have a browser extension that's developed using CrossRider API.

When I install it from Chrome, I get the following error:

Mixed Content: The page at xxxxxxx.com is loaded over https but requested an insecure XMLHttpRequest endpoint http://resources.crossrider.com/system/resources/apps/68868/959532?ver=19. This request has been blocked; the content should be served over https.

Why is crossrider requesting resources on HTTP instead of HTTPS. Do I need to set any flag anywhere?

More importantly, why is crossrider making a request to this URL?

That means, there is a dependency on crossrider server to be up and running for my browser plugin to work. If my plugin has lot of users, will it have any impact on my availability of my plugin?

If that JS file is required, is it possible to host that file on our server?

We really don't want to have a dependency on CrossRider server.

[Update] :I'm attaching the screenshot of the error.enter image description here

Preetham Reddy
  • 611
  • 2
  • 8
  • 19

1 Answers1

2

You have asked several questions and hence I have answered the ones I can base on the provided information.

Crossrider is a cloud based service and as such requires Internet access to download extension code and resources.

In general, once the extension is installed and the resources are downloaded, the extension runs locally and periodically accesses the Crossrider site for updates. Therefore, the dependency on the Crossrider server (CDN) is primarily at installation time, and periodically thereafter, as the extensions runs locally after installation. This model comes with several benefits including automatic extension code/framework updates and the statistics dashboard. Of course, if this does not meet your requirements there are other standalone platforms you can use to build an extension.

Regarding the downloading of resources, this usually works without issue. I am happy to take a look at your scenario but, in order to do so, please provide the extension id and versions of the browser and OS you are using and I will investigate.

[Disclosure: I am a Crossrider employee]

Shlomo
  • 3,763
  • 11
  • 16
  • You can find the extension on the chrome store at : https://chrome.google.com/webstore/detail/flowt/ilfnhmflpfoaphbigmjimjfgpckckdfi Also, the extension works flawlessly most of the time but sometime, it sends the request over http instead of https and we get the above mentioned error. I've used it on Windows 8 and Mac Yosemite using Chrome 39.0.2171.95 (latest version) – Preetham Reddy Dec 28 '14 at 23:05
  • 1
    Thanks for the additional information. Installed and checked the extension Chrome several times and I do not get any errors. Please can you provide the steps for reproducing the problem? – Shlomo Dec 29 '14 at 09:34
  • 1
    Re: "More importantly, why is crossrider making a request to this URL?". Now that you provided the extension details, I investigated your question. The request is to download the _jquery.simulate.js_ file placed in the extension's resources folder that, I presume, you added to provide the functionality you require in the extension. Once downloaded it's available for your extension to use. – Shlomo Dec 29 '14 at 09:42
  • I can't reproduce that error but it did happen. If the jQuery simulate file is there in the resources folder, shouldn't it request using https since all other files are being requested over https. My worry is some users might not know if this problem occurs and they might assume that extension doesn't work. Is there a setting where I could just ask crossrider to load everything over https. Also, when I try to load the file over https manually, it doesn't work. It gets served only through http. – Preetham Reddy Dec 29 '14 at 18:56
  • Thanks for the latest information. I investigated the matter and all the resources files a downloaded using HTTP in the background scope and are not subject to the page scope protocol. In the updated question you added a screen capture that shows a similar error, but you'll note that it's not an extension resource error since the mixed content is from "https://www.facebook.com/login.php". This appears to be related to your _extension.js_ user code using the tab's URL as can be seen in the second line of the provided screen capture. I hope that points you in the correct direction for debugging. – Shlomo Dec 29 '14 at 22:30
  • Thank you for pointing it out... I will look into this and see how it can be resolved! – Preetham Reddy Dec 31 '14 at 02:34