Call HTTP (non SSL/HTTPS) REST from Firebase hosted site, using XMLHttpResponse

Question

I am trying to build a Firebase hosted page that will connect to a (Django) HTTP web service using XMLHttpRequest in the below script.

    <script>
  function UserAction() {
    var req = createRequest(); // defined below
    // Create the callback functions:
    var handleResponse = function (status, response) {
        alert("status " + status + " response: " + response)
    }
    var handleStateChange = function () {
        switch (req.readyState) {
          case 0 : // UNINITIALIZED
          case 1 : // LOADING
          case 2 : // LOADED
          case 3 : // INTERACTIVE
          break;
          case 4 : // COMPLETED
          alert("case 4" + req.responseType);
          handleResponse(req.status, req.responseJson);
          break;
          default: alert("error");
        }
    }

    req.onreadystatechange = handleStateChange;


req.open("GET", "https://foo.org:/bar/getid/?Id=" + document.getElementById('ID').value, true);
req.send();
    function createRequest() {
  var result = null;
  if (window.XMLHttpRequest) {
    // FireFox, Safari, etc.
    result = new XMLHttpRequest();
  }
  else if (window.ActiveXObject) {
    // MSIE
    window.alert("windows");
    result = new ActiveXObject("Microsoft.XMLHTTP");
  } 
  else {
    // No known mechanism -- consider aborting the application
    window.alert("no known mechanism");
  }
  return result;
}
}</script>

Using Chrome FireBase throws 404 error. Django server does not register any connection.

Using FireFox FireBase throws 404 error. But Django server throws

'code 400, message Bad HTTP/0.9 request type ('\x16\x03\x01\x00\xcc\x01\x00\x00\xc8\x03\x03\xdf\x04{\x9f\xe4\xb2\xc2ij\x8d\x14\xd5\xaa\xdcu\x14+&\xa4\xa1\xdf\xdc\xd8\x9b?\xea\xbdh\xb8')`

I did find this in the FireBase documentation here, making me think this is not possible. But hopefully I am wrong, or there is a way to do this in development/test, but not production.

SSL only: Firebase Hosting is SSL-only, meaning that content will only be served over HTTPS. As you are developing your application make sure that all external resources not hosted on Firebase Hosting are loaded over SSL (HTTPS), including any external scripts. Most browsers do not allow users to load "mixed content" (SSL and non-SSL traffic).

thanks