When my NodeJS server was running with HTTP, any client-side jQuery script from google's API worked well. But I changed all requests to HTTPS with a self-signed certificate, and after that my static CSS files still work, but Jquery doesn't. Is there a reason why this happens?
Answering my own question.
The API scripts google Distributes comes in both http and https links. I found out that to use these scripts, you have to also access these external scripts through HTTPS.
Related
I have developed a node js application which works fine as long as use http. Now I need to upgrade the code too be able to work ssl and I am having problems to load the socket.io-client/socket.io.js file. (The rest is working fine. I installed the certificates and the server works well)
Firefox fails with the following message: Blocked loading mixed active content "http://"url"/socket.io/?EIO=3&transport=polling&t=NX-uS5E". which is weird because the link states a http request.
Chrome fails with this message: socket.io.js:3511 Mixed Content: The page at 'https://"url"?' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://"url"/socket.io/?EIO=3&transport=polling&t=NX-s_OB'. This request has been blocked; the content must be served over HTTPS.
It seems that socket.io-client is trying to load a resource using http instead of https. Is that possible?
How can I correct this? Any idea?
I have been searching the web for two days noow and I have not come to any indication of someone else having this issue
Ok, after letting it go for the evening and having a good rest I checked my whole code again and found the error!
I had one obfuscated code line where I was using a http request instead of a https one. I had to correct this on both, the server and the client side.
I also had to include the port number on each of the calls and force the socket on the client side to use polling instead of websockets by adding the option "transports: ['polling']"
I am working on a 2-player card game. The two client facing pages are hosted on Github pages and the node server is running on AWS.
Everything works fine when I view my client side pages locally, but when I try to open them on Github pages I get this error:
Mixed Content: The page at '' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ''. This request has been blocked; the content must be served over HTTPS.
So then I change the connection url to include https like this:
var socket = io.connect("https://ec2-18-191-142-129.us-east-2.compute.amazonaws.com:3000");
And I get this error:
index.js:83 GET https://ec2-18-191-142-129.us-east-2.compute.amazonaws.com:3000/socket.io/?EIO=3&transport=polling&t=N71Cs6c net::ERR_SSL_PROTOCOL_ERROR
Here are my security groups:
Do I need to do something with an SSL certificate? Is it even possible with my current setup as I don't have access to the domain I am hosting on (Github Pages). If it's not possible are there any online services I can host my client code on and get an SSL certificate, or do I have to buy a domain and hosting? Any help welcome, but please try to explain it because I am very new to all this. Thank you.
Ec2 doesn't support https like this ("out of the box").
There is several way of doing it, but I suggest you should create a application load balancer (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html) and then configure https on it (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html).
Other solution can be using Cloudfront, or configure https directly on the instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-amazon-linux-2.html).
Hope that makes sense.
As mentioned by alcyon, changing from HTTP to HTTPS does not enable your application to run over HTTPS. There are many ways to achieve this. Checkout the detailed guide by AWS for your use-case at https://aws.amazon.com/premiumsupport/knowledge-center/configure-acm-certificates-ec2/ .
I have deployed my app to heroku, and I am using their ACM. When I go specifically
to https://www.example.com I have a secure version of my site. But when i just type in www.example.com (which is what a consumer would do) I have the unsecured version of my site.
I want to redirect all http requests to https so the consumer will alway interact with the secure version of the app.
Solutions I have tried so far, which haven't been successful for me are:
heroku-ssl-redirect.
Using an if statement that checks the X-Forwarded-Proto Header to see if it isn't https and then use a redirect, but no luck with this yet. I am unable to actually see this header when I check in the dev tools for it, So I am wondering if this is the cause of that code not working.
Can anyone guide me in the right direction?
I am developing on a server which was initially running HTTP protocol. After switching to HTTPS protocol, any changes done on the Javascript file won't update any longer. I've made sure that, the file was in fact saved properly, upload and re-downloaded the file to make sure the changes on the code were really there and, it was.
Here is my question, why https won't react to changes I made to the file but, as soon as I use http, the changes are displayed?
Your Javascipt source code appear to attempt to POST to an HTTP URL when you are using HTTPS. Most modern browsers block this as this is insecure. If your POST URL supports HTTPS, change it and you should see this work.
I am using Google Translate on my website. After I updated to HTTPS, Google Translate stopped working. I even used https://www.google.com/jsapi instead of http://www.google.com/jsapi, but this didn't help.
It is because most of the browsers don’t accept mixed content i.e. calling http resource from HTTPS site.However you can enable it forcefully in your browser.
Using HTTPS for calling jsapi wont be helpful in your case as the real problem occurs when this website internally calls http://www.google.com/inputtools/try/.