1

I have a relatively simple Laravel app, that features an HTML form which contains a tag select element. The select element gets enhanced via select2 library. The tags are fetched via an XMLHttpRequest. I've created a fiddle, and the error I receive there is the same as on my production machine:

[...]was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://blog.mazedlx.net/tags?term=asd'. This request has been blocked; the content must be served over HTTPS.

$('#tags_id').select2({
    minimumInputLength: 2,
    tags: true,
    tokenSeparators: [','],
    ajax: {
        url: 'https://blog.mazedlx.net/tags/',
        type: 'GET',
        dataType: 'json',
        data: function (params) {
            var queryParameters = {
                term: params.term
            }
            return queryParameters;
        },
        processResults: function (data) {
            return {
                results: $.map(data, function (item) {
                    return {
                        text: item.tag,
                        id: item.id
                    };
                })
            };
        }
    }
});

As you can see in the fiddle the ajax url contains https, and the page containing the form is also served over https. The url also yields results: e.g. https://blog.mazedlx.net/tags?term=php. What am I doing wrong?

mazedlx
  • 1,405
  • 17
  • 24
  • If you check in the console you can see the request is going to the `http://` protocol, not `https://`, hence the error – Rory McCrossan Mar 15 '16 at 10:52
  • as you can see in the code, the ajax call goes to a `https` resource – mazedlx Mar 15 '16 at 10:55
  • 1
    The code says it does, but the console is king: http://i.imgur.com/9jzpgyZ.png – Rory McCrossan Mar 15 '16 at 10:57
  • 1
    so, where do i start debugging? even if the request comes via `http` my server is configured to redirect to `https`, always. – mazedlx Mar 15 '16 at 10:58
  • 1
    Hey @mazedlx, try using a secure middleware in laravel & let us know the results. See: https://laracasts.com/discuss/channels/tips/secure-middleware-for-laravel-5 – Mysteryos Mar 15 '16 at 11:18
  • I'd rather let the web server handle insecure requests, but, ok. Created a middleware that will redirect to secure if the request is unsecure. I check for `$request->secure()` but it returns `false` although the page is served via `https`. I am not behind any proxy oder hoster. – mazedlx Mar 15 '16 at 11:40

1 Answers1

1

Solved it. Needed to modify my Apache conf for that vhost. The SSL directives where only loaded for the main domain, but not for that subdomain.

mazedlx
  • 1,405
  • 17
  • 24