Insecure XMLHttpRequest endpoint

raptorfx · August 15, 2021, 6:13pm

Username (e.g. epiz_XXX) or Website URL

Error Message

Mixed Content: The page at ‘{site_url}/’ was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ‘http://bb-mon.ml/endpoints/get-website-changes/?_=1629050654857’. This request has been blocked; the content must be served over HTTPS.

Other Information

All the requests made by AJAX are being added a query string at the end and are being changed to HTTP instead of HTTPS without me specifying anything such in the code. If I remember correctly the ?_=1629050654857 query string is added by InfinityFree but why does it change the protocol?

raptorfx · August 15, 2021, 7:10pm

I’ve managed to solve the issue by issuing a Let’sEncrypt certificate for the server and enable Full SSL/TLS encryption on Cloudflare.

Admin · August 16, 2021, 4:23pm

HTTPS detection while using Cloudflare Flexible SSL is a bit tricky, using Full SSL is much easier that way.

If you’re using Full SSL (not strict), you can also get a Self Signed certificate from our SSL tool and use that. It’s about as secure, and you don’t need to renew it every three months.

system · August 23, 2021, 4:24pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.