Allow https source access

Asked

Viewed 101 times

0

I developed a Node api using restify only for real-time warnings, but came across a https problem:

If the origin of the request comes from an https site the api does not work

My Cors on the Node is like this:

const cors = corsMiddleware({
  preflightMaxAge: 5,
  origins: ['*'],
  allowHeaders: ['*'],
  exposeHeaders: ['*']
})

I call it:

const cors      = require('./cors')
app.pre(cors.preflight)
app.use(cors.actual)

When the originating site https://site.com tries to access my api, gives the following message:

Mixed Content: The page at 'https://site.com/client/compras' was Loaded over HTTPS, but requested an insecure Xmlhttprequest endpoint 'http://minhaapi.nodejs7602.servor.net:21289/socket.io/? EIO=3&transport=polling&t=Mlpytyv'. This request has been blocked; the content must be served over HTTPS.

This problem only occurs when the site is on https

How can I fix this?

node.js https cors restify

1 answer

0

This is not CORS error, is security error even, you want to load an HTTP resource into an HTTPS page, you understand? This breaks security, because there even having Https still yes for the browser by logic not all of the user will be encrypted and even for security the browser blockade.

The most that I think you can do is a local "proxy" (on the site in Https) to read the content, but I believe that being a Websocket, it will not work very well, so the solutions for the end user to be able to access are:

  • Use HTTPS on the socket server
  • Do not use HTTPS for now (until it is possible to put the socket on secure protocol) on the main website.

Browser other questions tagged node.js https cors restify

You are not signed in. Login or sign up in order to post.