0

There are several questions that relate to this, but they're either very specific, inconclusive or outdated:

Is it possible to make a cross domain request from https to http in IE?

Can IE8 post cross-domain requests from HTTP to HTTPS?

Cross domain HTTP requests

Cross domain request from HTTP to HTTPS aborts immediately

And a few others.

As of now, is it at all possible to make any (GET, PUT, POST...) HTTP request, within JavaScript, to a server that does not have a valid SSL certificate, in a page served from a HTTPS server? Without, of course, asking the user to trust a self-signed cert or disable protections.

I've tried fetch and XMLHttpRequest requests, but they either get blocked by the browser because of CORS or generic "TypeError: NetworkError".

My specific predicament is that I have a home server accessible through a dynamic DNS provider (free tier). I cannot easily obtain an SSL certificate because my ISP blocks HTTP requests to port 80, which makes Let's Encrypt HTTP-01 challenge basically impossible.

sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
Leo Brito
  • 2,053
  • 13
  • 20
  • 2
    HTTPS **requires** a (valid) cert. Don’t have a valid cert? Use an HTTP (which is _not_ HTTPS) endpoint and _hope it is not upgraded_ (eg. 3xx on the remote or upgrade-insecure header). The title and premise is very misleading because it appears the goal is to “make an HTTP request (without encryption/cert) to an HTTPS endpoint”, which is not possible. – user2864740 Jun 14 '20 at 20:53
  • 1
    @user2864740: I think he wants a cross-origin request like this: User goes to `https://example.com` and receives web page containing javascript. When the javascript runs it makes a request to `http://my-server.314159.dyndns.com/`. – President James K. Polk Jun 14 '20 at 23:16

0 Answers0