2

I'm using HTTPS in my server, but I have a second server with some information and I want to take some files from there. I'm now using the code below:

$.get("http://myserver.com/uno.html", function(data, status){
    if (dat == "ok") {
        alert("Myserver.com is online");
    }
}).fail(function(e) {
    alert("Myserver.com is offline");
});

With that code, Chrome is throwing the exception

"https://otherserver.com" was loaded from https but requested an insecure XMLHttpRequest "http://myserver.com/uno.html". Request has been blocked; The content must be server over https.

The question now is how can I load any HTTP request to make Chrome think the request was served over HTTPS? Keep in mind that the only HTTPS server is otherserver.com and I can't implement HTTPS in "myserver.com" This question is not repeated because all the servers are mine and I have full control on the "Same origin policies"

MrViK
  • 106
  • 1
  • 8
  • 10
    You can't. This is a browser level security feature. You have to load all content through HTTPS to avoid this warning. Think of the security problems there would be if it was possible to 'fool' the browser into thinking the connection was secure. – Rory McCrossan Aug 31 '16 at 09:03
  • you should do the transaction from your http server to your https server on the server side then give it to the browser through the https server. – E.Serra Aug 31 '16 at 09:06
  • Why you can't implement https in myserver.com ? – Tom Aug 31 '16 at 10:22
  • I can't implement it in myserver.com because my host's SSL pricing is too hight for me, but otherserver.com is hosted by my computer – MrViK Sep 01 '16 at 12:39

2 Answers2

2

You can do request to otherserver.com and then from server-side do request to myserver.com and return results. For example (example in PHP, but it depends on your backend):

//request.php
echo file_get_contents("http://myserver.com/uno.html");

Then on client-side:

$.get("https://otherserver.com/request.php", function(data, status){
    if (dat == "ok") {
        alert("Myserver.com is online");
    }
}).fail(function(e) {
    alert("Myserver.com is offline");
});
Krzysztof Atłasik
  • 21,985
  • 6
  • 54
  • 76
  • 1
    this is what I commented, and should be the correct answer, he specified that he owns both servers so he should be able to do this. – E.Serra Aug 31 '16 at 09:18
  • Thanks, i love you xD. This have fixed my problem. – MrViK Aug 31 '16 at 11:46
0

The comment by Rory on your question explains why this won't work.

As a workaround, you could setup a non-HTTPS proxy that will pass the request through to the HTTPS service, and return the response.

Consider also there's a general push in our industry to using HTTPS everywhere.

Dwight Gunning
  • 2,485
  • 25
  • 39