Questions tagged [mixed-content]

HTTPS page that includes content retrieved through cleartext HTTP

Mixed content occurs when a document served over HTTPS contains content retrieved through cleartext HTTP. That makes the connection only partially encrypted and vulnerable to man-in-the-middle attacks. Therefore, browsers block such mixed content.

https://w3c.github.io/webappsec-mixed-content/ defines the relevant requirements for browsers.

335 questions
414 votes, 17 answers

Why am I suddenly getting a "Blocked loading mixed active content" issue in Firefox?

This morning, upon upgrading my Firefox browser to the latest version (from 22 to 23), some of the key aspects of my back office (website) stopped working. Looking at the Firebug log, the following errors were being reported: Blocked loading mixed…
Appulus
227 votes, 10 answers

How to get Chrome to allow mixed content?

Chrome browser by default is blocking mixed content. How do I adjust my settings/configuration to allow mixed content without making any adjustments on the UI every time? I have found two solutions but neither of them works: Several articles say you…
Trant
56 votes, 6 answers

Web API Error - This request has been blocked; the content must be served over HTTPS

We have deployed the API on Azure and are trying to consume it in our web app written in Angular 5. However, when we try to consume the API we are getting the following errors. Chrome Mixed Content: The page at…
XamDev
33 votes, 4 answers

Safari 9 disallowed running of insecure content?

After upgrading to Safari 9 I'm getting this error in the browser: [Warning] [blocked] The page at https://localhost:8443/login was not allowed to run insecure content from http://localhost:8080/assets/static/script.js. Does anyone know how to enable…
Staelen
31 votes, 6 answers

Mixed content in Chrome and IE

In my HTTPS-enabled site I have added an iframe that should show content from my other site, but it is not working under HTTPS. In the latest version of Firefox everything works well. In Chrome, the iframe isn't…
vborutenko
31 votes, 4 answers

Loading Google font in HTTPS, content being blocked

There is a WordPress theme that automatically pulls the option font picked and requests it from Google font. When SSL was needed for a few selected pages, the font became missing. Viewing the console log: [blocked] The page at…
vico
29 votes, 3 answers

How can I allow Mixed contents (http with https) using content-security-policy meta tag?

I'm forcing https to access my website, but some of the contents must be loaded over http (for example video contents can not be over https), but the browsers block the request because of mixed-contents policy. After hours of searching I found that…
Mustafa Dwaikat
23 votes, 5 answers

Make API request to HTTP endpoint from AWS Amplify deployed HTTPS (SSL) Client

I have deployed my Backend/API server in an AWS EC2 instance, which is being loaded without SSL, and the URL is like 'http://ec2-67-ap-southeast-3.compute.amazonaws.com'. And I have deployed my React Frontend/Client using AWS AMPLIFY Console, which is…
18 votes, 1 answer

HTTPS iframe inside a HTTPS page not working

How can we use GitHub Pages embedded in an iframe correctly? I've hosted a website in Firebase and it is using a custom domain over HTTPS, for example, https://www.example.com. This website uses React and other things, but for one route (the landing…
GarouDan
15 votes, 5 answers

Got "Blocked loading mixed active content" on HTTP website

Problem: I'm developing a website served using HTTP protocol. In development I use Webpack with its webpack-dev-server, which serves the page locally on http://localhost:9090. I was surprised to see in Firefox 58 console the following mixed content…
Robert Kusznier
13 votes, 1 answer

Forcing AJAX call to be HTTPS from HTTPS Page

Currently making an AJAX call from an HTTPS JSP to call in data from another JSP page. We are however getting a Mixed content issue: Mixed Content: The page at 'https://etc/' was loaded over HTTPS, but requested an insecure XMLHttpRequest…
KirisuteRanza
12 votes, 1 answer

How to fix "Blocked loading mixed active content" for css and js over https

When attempting to view my site over https, I keep getting a "Blocked loading mixed active content" error in my Firefox console. I am getting this error only for my css and js file. The reason I am so confused is because the reference to the files…
MultiDev
9 votes, 2 answers

XHR response blocked by Chrome, because of mixed content issue (http/https)

I'm currently using jQuery AJAX to GET a relative URL, without scheme/domain in front of it (e.g. '/js/get_international_popup/'). The response is also a relative URL when I view my location header before I return it. When I test this locally, over…
Jos van Leeuwen
9 votes, 1 answer

Allow loading HTTP resources over HTTPS

Suppose my website is over HTTPS and I need to load a CSS or Object resource from HTTP, how can I do this? Please note that I'm able to add Content-Security-Policy to the response headers over the HTTPS websites but I don't exactly know how can I do…
Afshin Mehrabani
8 votes, 1 answer

Mixed-content request from HTTPS page to HTTP (non-HTTPS) localhost address not blocked

Suppose the page below is loaded from https://127.0.100.1. The page makes an XMLHttpRequest to http://127.0.100.2. This seems like mixed content: The page is loaded over a secure connection and a resource is loaded over an insecure connection.…