Can not figure out insecure content in Mixed Content error - http

I'm getting a mixed content error
on my webpage (flutter) but am not sure how to determine the insecure resource. I've gone through the requests on this page with the Network tab on Chrome, and they are all pointing to https.
In the console, I get this error
Mixed Content: The page at 'https://yhat.pub/profile/cbb493d3-4a1c-423b-9813-69da377acda6/build_nbs/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://api.yhat.pub/build/'. This request has been blocked; the content must be served over HTTPS.
But when I look at chrome dev tools, the URL they are stating http://api.yhat.pub/build/ is going over https.
Any suggestion is appreciated.

Related

How can I send a request to HTTP://localhost/somephp.php from HTTPS://some.where/?

Background
I was making a browser extension that sends a POST request to http://ip.v4.ad.dr/somephp.php which does some data handling based on the POSTed data. This extension is supposed to function on the site https://meet.google.com/.
Problem
My problem arises because I am sending from https to http, so my request is blocked and this error appears:
Mixed Content: The page at 'https://meet.google.com/mym-eets-url?authuser=x' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://ip.v4.ad.dr/somephp.php'. This request has been blocked; the content must be served over HTTPS.
Please note that those are fake URLs. They are just there to signify that this is what the URL looks like, not what it is. mym-eets-url is My Meet's URL, and ip.v4.ad.dr is IPv4 Address
Attempts to solve
I have thought of:
Making/using some site that reflects the request to the target URL. I do not think this works since that mirror site may block the request, since it is https.
Making my localhost use https. I am pretty sure this will work, but I don't want to use https simply because the request won't send otherwise. I can try doing this if there isn't any other option.
Question
What is the best way to send a request from a https site to my own http://ip.v4.ad.dr/ server?

Mixed content http and https wordpress

I am working on a wordpress website, when i load my website from google chrome i found the following errors: Mixed Content: The page at 'https://www.example.com/' was loaded over HTTPS, but requested an insecure font 'http://example.com/wp-content/themes/woodstock/fonts/woodstock/woodstock.woff?421wez'. This request has been blocked; the content must be served over HTTPS. and Mixed Content: The page at 'https://www.example.com/' was loaded over HTTPS, but requested an insecure font 'http://example.com/wp-content/plugins/woocommerce/assets/fonts/star.ttf'. This request has been blocked; the content must be served over HTTPS.
Note: i have another domain name but this is an example
I have tried to install many secured SSL plugin but it doesnt change anything.
Load your font ressources over https instead:
https://example.com/wp-content/themes/woodstock/fonts/woodstock/woodstock.woff?421wez
https://example.com/wp-content/plugins/woocommerce/assets/fonts/star.ttf

Http and Https communicating issues

Trying to upload a media (video / image) for iphone and android, from one domain using HTTPs to another HTTP. Cant change both to a single protocol as both have different environments which cant be changed apparently.
Everything's working fine on iOS but Android is not doing the uploading thing.
Getting following error on Android chrome :
Mixed Content: The page at 'https://*****' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://*****'. This request has been blocked; the content must be served over HTTPS.
When the main page is https, then insecure (http) request are mostly blocked.
The best way to avoid mixed content errors is to use https for everything.

HTTP iframe on HTTPS page

I have a simple question, but can't find the answer that I'm looking for.
Is a http iframe that's loaded on a secure https page also secured?
A iframe with http source will not be displayed on a https website as it's considered mixed content and browsers like Chrome will block the content with the following message:
Mixed Content: The page at 'your website' was loaded over HTTPS,
but requested an insecure resource 'iframe http source '. This
request has been blocked; the content must be served over HTTPS.
So far I have not seen a solution to allow mixed content.
There has been a solution for Firefox which is based on redirecting the iframe source via another website that is hosted on the HTTPS Domain.
It is not automatically, you should verify if the src of your iframe is connecting via https or not:
<iframe src="http://www.example.com"></iframe>
your iframe doesn't extend the https access from principal page.

How do servers behave when browsers request embedded resources that do not exist?

Let's take the following hypothetical situation:
an HTTP server has a custom error page set up /404.html and does a server-side forward for any URL that gives a 404 response (for example /blabla.html) to the 404.html page
a browser requests an existing page from the server, say /home.html
the page contains <img src="a.jpg" alt="a" />, but that resource does not exist on the server
the browser receives a 404 for the resource, marks it as missing and does not receive any response (tested this in Chrome and FF in the network tab of the dev console - the response bit is empty)
My question is: what happens on the server when the image is requested?
My guess is the browser cuts off the connection when it gets the 404 status in the header so it doesn't wait or download the response. My other guess is that it's implementation specific, but I'm curious if the servers notice that the connection has been cut off.
The browser will get your error page but he can't handle html in an image. (It will throw an error in the console)
If you would do it with a frame it will show your error page.

Resources