K
K
kuzubina2020-06-25 10:25:39
JavaScript
kuzubina, 2020-06-25 10:25:39

How to make post and get requests from https to http?

Hello!
I use VUE.JS on the client, the site hangs on the https domain, the server on NODEJS and EXPRESSJS on another hosting. When requesting from the client to the server (using axios), the browser gives an error like this

Mixed Content: The page at ' https://domain.com ' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ' 150.160.60.160:5000/api/ login '. This request has been blocked; the content must be served over HTTPS.

I understand the essence of the problem that the server does not have a secure connection and the browser blocks such requests.
What is the best way to solve this problem? what are the ways?

Answer the question

In order to leave comments, you need to log in

5 answer(s)
A
Aetae, 2020-06-25
@Aetae

Correct solution: get and install the same certificate for your server. With lets enscript it's fast and free.
Crutch: put on the site:

<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
In fact, this is a hack, because. the main purpose of this header is to make everything work over https, but if the browser does not receive a response on the https port, it allows work on http.

L
Lynn "Coffee Man", 2020-06-25
@Lynn

Any way to set up https on the server with the node.
For example, set up a reverse proxy on the site's domain.

R
rPman, 2020-06-25
@rPman

without a local https proxy post requests in any way (there is a browser command line option that disables the ban), with get requests you can try to get out, for example, pictures are loaded. Try loading data into script type=text/html

A
Anya Knyazeva, 2020-06-25
@AnnaKnyzzeva

Exposing NodeJS outside is wrong. It is not intended for this.
The correct architecture is when all requests come to Nginx, and Nginx already proxies them to NodeJS.
In Nginx, you need to make a redirect from HTTP to HTTPS forced. Then all requests will be encrypted.
You don’t have to reinvent the wheel and mess around with the Nginx config for a long time. To organize the HTTPS connection setup for Nginx, there is a special library that does everything under the hood - it issues certificates, and the Nginx config is edited and the certificates are updated automatically when their action line is completed.
Read more here: https://www.nginx.com/blog/using-free-ssltls-certi...

N
Nadim Zakirov, 2020-06-25
@zkrvndm

Above, people advise to put an SSL certificate on your server, but in fact this is not the only solution. CORS won't bother you in any way if you're making a request from an http domain... and this allows for all sorts of workarounds. Just for the record, and everyone says it right above - the correct option is a certificate.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question