How can I make an Ajax call to an HTTP time server site from HTTPS?

Question

I'm trying to get the current time from http://timeapi.org/utc/now.json. I'm using the following:

  var date;
  $.ajax({
    dataType: 'jsonp',
    url: 'http://timeapi.org/utc/now.json',
    success: function (result) {
        date = result.dateString;
    }
  });

The URL is only available as HTTP, but I'm calling it from an HTTPS site. This leads to the error:

'https://myurl.com' was loaded over HTTPS, but requested an insecure script 'http://timeapi.org/utc/now.json?callback=jQuery1122020058229618158618_1466258121249'. This request has been blocked; the content must be served over HTTPS.

The timeapi website does not actually exist as https, so changing the URL to https leads to a new error: http://timeapi.org/utc/now.json

How can I force it to load? There do not seem to be any https web time services, but I imagine there has to be a way in which people on https sites are using external time-keeping services as well.

Answer 1

You can't.

From HTTPS, only HTTPS. From HTTP you can call HTTP and HTTPS.

What you could do is to create an https wrapper (in php or node) in your own webserver and retrieve the value from timeapi.org from there.

Something like this:

<?php
header('Content-Type: application/json');
echo(file_get_contents('http://timeapi.org/utc/now.json'));

Answer 2

You can't make http requests from an https.

It is restricted by same origin policy

The same-origin policy is a critical security mechanism that restricts how a document or script loaded from one origin can interact with a resource from another origin. It helps isolate potentially malicious documents, reducing possible attack vectors.