13

Currently making an AJAX call from a HTTPS jsp to call in data from another jsp page. We are however getting a Mixed content issue:

Mixed Content: The page at 'https://etc/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://etc/path/to/other/page.jsp'. This request has been blocked; the content must be served over HTTPS.

How do you force an AJAX call to call over HTTPS?

The AJAX call looks like the following:

var url = "/path/to/other/page.jsp";

$.ajax({                                                            
    type: "POST",
    url: url,
    data: {data: data},
    dataType: "html",
    timeout: 4000, 
    success: function(html) {
        /* Code on Success */
        }
    },
    error: function(request, status, error) {
         /* Code on Failure
    }   
});

I could understand if I was trying to make a call from HTTPS to HTTP, but I don't want to. I want to force this to call the JSP using HTTPS is all, so I can avoid the Mixed Content issue.

Thank you in advance!

/* EDIT */

Interestingly I put in the variable URL an absolute path:

var url = "https://etc/path/to/other/page.jsp";

And I got the same issue. Something is forcing this AJAX call to be HTTP?

KirisuteRanza
  • 367
  • 3
  • 15
  • 4
    The code as shown, when run from within a page that was requested via HTTPS already, should use HTTPS automatically, since that is how resolving relative paths to absolute ones works. If it _doesn’t_ in your case, then there must be something else going on that we have not been told about yet. – CBroe Feb 02 '15 at 12:21
  • 5
    Odds are the problem is that the end point is redirecting off HTTPS. You have to fix that server side. – Quentin Feb 02 '15 at 12:38
  • 3
    To elaborate on what @Quentin said: if you're explicitly connecting to an `https://` address and still getting an error about the the resource being `http://`, that means that the server is sending a 3XX (likely a 301 or 302) response to redirect to the `http://` resource. If you don't want this to happen, change your sever to that it doesn't respond with 3XX HTTPS-to-HTTP redirects anymore. – apsillers Feb 02 '15 at 12:51
  • 1
    Where is that applied? Currently using apache? – KirisuteRanza Feb 02 '15 at 14:27
  • Got it. We have that redirect but we also have a section which if the URL is submitted via HTTPS, then redirect using that. We have added in the URL to this section. :) – KirisuteRanza Feb 02 '15 at 15:08

1 Answers1

1

Try use another extension or use like folder with .htaccess etc. like this

var url = "https://etc/path/to/other/page/";
Josephy Besim
  • 53
  • 4