I have a web site which is served over an https protocol. This is written in angularJs. The Website is calling an asp.net web api service over http, and then I'm getting this error:
angular.js:10765 Mixed Content: The page at 'https://example.com/forms/#/question-set-4#topOfThePage' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://webapiaddress/api/ControllerName/GenerateCaptcha'. This request has been blocked; the content must be served over HTTPS.(anonymous function) @ angular.js:10765r @ angular.js:10558g @ angular.js:10268(anonymous function) @ angular.js:14792$eval @ angular.js:16052$digest @ angular.js:15870$apply @ angular.js:16160g @ angular.js:10589T @ angular.js:10787w.onload @ angular.js:10728 angular.js:10765 XMLHttpRequest cannot load http://webapiaddres/api/SomeController/GenerateCaptcha. Failed to start loading.
So the error suggests for me that I should serve the web api self host over an https addres. So in the config of that web api self host I'm changing it to https//webapiaddres/
But then I'm getting this:
angular.js:10765 GET https:/webapiaddress/api/SomeController/GenerateCaptcha net::ERR_INSECURE_RESPONSE
What am I doing wrong? Why is this happening. Strange thing is that that this does not scream that I don't have CORS enabled, but this could be because of the fact that this web api selfhost and the site is on the same server. I can't find any simmilar problem to mine in google.
