You are exploring an API that is described or served via HTTP instead of HTTPS

Question

After following the steps described here to create an API :

https://cloud.google.com/appengine/docs/java/endpoints/getstarted/backend/helloendpoints

I open the following URL on my browser :

http://localhost:8080/_ah/api/explorer

after running

mvn appengine:devserver

to test the API locally.

However, the browser redirects to

https://cloud.google.com/appengine/docs/java/endpoints/getstarted/backend/helloendpoints

and the following error appears in red :

You are exploring an API that is described or served via HTTP instead of HTTPS. This is insecure and may be blocked by your browser. To fix this, set up a TLS proxy for your API. Alternatively, you can tell your browser to allow active content via HTTP at this site (on Chrome, click the shield in the URL bar), but this will not improve security or dismiss this message.

and the API explorer is blank

What is the best way around this?

score 1 · Answer 1 · answered Sep 21 '15 at 14:32

The best way around this is in the error message.

To fix this, set up a TLS proxy for your API. Alternatively, you can tell your browser to allow active content via HTTP at this site (on Chrome, click the shield in the URL bar), but this will not improve security or dismiss this message.

You can create a self signed ssl cert and set up a local ssl proxy that forwards to your application or you can tell your browser to allow mixed content (http inside of https). Both ways will work, I personally use the latter method and click the shield icon in Chrome to tell it that it is OK.

You are exploring an API that is described or served via HTTP instead of HTTPS

1 Answers1