“Mixed Content” warnings occur when an HTTPS page is asked to load a resource over HTTP. This is dangerous because the insecure resources are vulnerable to alteration by an active attacker or eavesdropping by a passive attacker, which violates the user’s expectation of security for an HTTPS page. https://developers.google.com/web/fundamentals/security/prevent-mixed-content/fixing-mixed-content?hl=en
I found this blog post which cleared up a few things. To quote the most relevant bit: Mixed Active Content is now blocked by default in Firefox 23! What is Mixed Content?When a user visits a page served over HTTP, their connection is open for eavesdropping and man-in-the-middle (MITM) attacks. When a user visits a … Read more
As already pointed out in a comment: the site has a bad SSL implementation as can be seen from the SSLLabs report. The main part of this report regarding your problem is: This server’s certificate chain is incomplete. Grade capped to B. This means that the server is not sending the full certificate chain as is … Read more
According to Network security configuration – Starting with Android 9 (API level 28), cleartext support is disabled by default. Also have a look at Android M and the war on cleartext traffic Codelabs explanation from Google Option 1 – First try hitting the URL with “https://” instead of “http://” Option 2 – Create file res/xml/network_security_config.xml … Read more
You have to make sure the port you are connecting to is port 443 instead of port 80. Example of explicitly setting the port to be used in the URL:
Yes an Untrusted certificate can cause this. Look at the certificate path for the webservice by opening the websservice in a browser and use the browser tools to look at the certificate path. You may need to install one or more intermediate certificates onto the computer calling the webservice. In the browser you may see … Read more
This worked for me e.g: Im using visual studio 2017 dont know if it effects anthing.
This has not been tested but I think this should work using mod_rewrite
Here’s your problem: You don’t allow SSL requests (443 port number is used for HTTPS requests). Try removing these lines.
In express.js (since version 3) you should use that syntax: In that way you provide express middleware to the native http/https server If you want your app running on ports below 1024, you will need to use sudo command (not recommended) or use a reverse proxy (e.g. nginx, haproxy).