I have chrome extension that has been around for 1 year. Recently, it was suddenly faulty.
Mixed Content: The page at 'https://world.tmall.com/item/12426175516.htm?id=12426175516&spm=875.7931836/B.2017039.7.66144265UTcEvV&scm=1007.12144.81309.73136_0_0&pvid=484f364e-60fb-46cb-9127-701a875f8e18&utparam=%7B%22x_hestia_source%22:%2273136%22,%22x_object_type%22:%22item%22,%22x_hestia_subsource%22:%22default%22,%22x_mt%22:8,%22x_src%22:%2273136%22,%22x_pos%22:4,%22wh_pid%22:-1,%22x_pvid%22:%22484f364e-60fb-46cb-9127-701a875f8e18%22,%22scm%22:%221007.12144.81309.73136_0_0%22,%22x_object_id%22:12426175516,%22tpp_buckets%22:%222144' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://err.tmall.com/error1.html'. This request has been blocked; the content must be served over HTTPS.
Access to XMLHttpRequest at 'https://order***.com/my-account/temps' from origin 'https://world.tmall.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
$.ajax({
type: 'POST',
url: 'https://order***.com/my-account/temps',
data: {data: data},
headers: {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Credential": "true",
},
beforeSend: function () {
$('.loading').show();
},
success: function(response) {
window.open(response);
},
error: function () {
alert('Error!');
},
complete: function () {
$('.loading').hide();
}
});
