HTTPS server consults postal zip code

Asked

Viewed 1,331 times

2

I am trying to order the address by zip code on a website, but is giving the following error:

Mixed Content: The page at 'https://meusite.com.br' was Loaded over HTTPS, but requested an insecure Xmlhttprequest endpoint 'http://cep.correiocontrol.com.br/20040901.json'. This request has been blocked; the content must be served over HTTPS.

The server that my site is hosted is HTTPS so I believe that is the problem... someone knows a site for query that is also HTTPS not to give security error?

  • 1

    It’s not just you putting //:url instead of http://url?

  • @Wallacemaxters did this and made the following mistake: GET https://cep.correiocontrol.com.br/20040901.json net::ERR_CONNECTION_TIMED_OUT

  • It is error in mail server then.

  • Let me ask you, do you use any server language (server-side)? I have a solution for this that ended these headaches

  • 1

    When you use the HTTPS protocol when you want to transit data they must be via HTTPS protocol, in your case your server is using the HTTPS protocol but the mail webservice does not, so it does not allow you to request an unsafe protocol (in this case http), do the test: make the request through the http file, it will probably work.

  • @Laerte yes, that’s right... the problem I can’t do that because the system needs to be on an https server

  • @Wallacemaxters yes, use php Laravel framework

  • Dude I took a look here, the only solution is to have this URL available via https or you work with HTTP, but as you said yourself will not be possible.

Show 3 more comments

2 answers

3

When you use the HTTPS protocol and need to make requests they must be via HTTPS. For security reasons.

In your case your server is using HTTPS but the Mail Web Service does not, so it does not allow you to request to the Mail server because it considers insecure.

But you can make requests for the HTTPS protocol via HTTP, example: CDN.

Most of the current browsers blocks this type of request, call for Mixed Content.

For third party domains, use the HTTPS version of the site, if available. If HTTPS is not available, you can try to log in contact the domain and ask if they can make the content available via HTTPS.

Sources:
What is Mixed Content?
How to fix a website with blocked Mixed content

0

Silvão, cool? Since you’re using Laravel, how about using a Proxinig?

It will work as follows: You grab send a request to the zip url by Laravel, and by jQuery, you send the request to the Laravel.

It will save you a lot of headaches, since you will be making the requisition for your own domain:

Route::get('cep/{cep}', function ($cep)
{
     $url = sprintf('http://cep.correiocontrol.com.br/%s.json', $cep);

     $json = json_decode(file_get_contents($url), true);

     return Response::json($json);
});

In your jQuery, just do this:

$.get('/cep/' + cep, {}, function (response) { /** ... **/ });

The advantage of this type of request is that you don’t have to worry about these boring limitations imposed by browsers.

Learn more about the subject at:

What is the name of the operation when we make an ajax request to the internal server which in turn takes information from external?

Browser other questions tagged

You are not signed in. Login or sign up in order to post.