PokeAPI / pokeapi-js-wrapper

PokeAPI browser wrapper, fully async with built-in cache
Mozilla Public License 2.0
278 stars 44 forks source link

API calls are over HTTP causing Mixed Content errors #7

Closed SpencerMcMurray closed 5 years ago

SpencerMcMurray commented 5 years ago

This is the error I'm getting:

Mixed Content: The page at 
'https://pokesoul.herokuapp.com/editor/%7B%22load%22%3Atrue%7D' was loaded over HTTPS, 
but requested an insecure XMLHttpRequest endpoint 'http://pokeapi.co/api/v2/pokemon/?
limit=100000&offset=0'. This request has been blocked; the content must be served over
HTTPS.

Heroku uses HTTPS for their hosting, so I'm assuming it doesnt like that the API calls use HTTP.

rdavid1099 commented 5 years ago

Not sure if this is related, but I just dealt with this issue the other day. AJAX does not allow calls without a backslash as the end of the URL. It will put a backslash at the end and recall the address using HTTP. For example, if your URL is https://thisstuff.com/api?foo=bar AJAX will change that to http://thisstuff.com/api/?foo=bar resulting in the Mixed Content error on certain browsers. To fix this, simply add a backslash to the end of the requested URL. I hope this helps.

Naramsim commented 5 years ago

There is an option to force HTTPS. Read the readme please.