http.get and http.head methods changing https request to http request in FlutterWeb PWA for urls from its own domain

[P5music]

I created a PWA with Flutter Web. When I use the http.get or http.head functions with an url like https://www.myapp.info/api/validate/?url=https://external.site.com/path/file.ext but it likes it if the url has a fake file (I need a different .htaccess rule for that) https://www.myapp.info/api/validate/fake_file.ext?url=https://external.site.com/path/file.ext this is a workaround.

In the former case the request gets changed into something starting with http://www.myapp.info/.... and in the browser I get an error like

Mixed Content: The page at 'https://www.myapp.info/appdev/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://www.myapp.info/api/validate/?url=.....'. This request has been blocked; the content must be served over HTTPS. ClientException: XMLHttpRequest error., uri=[https://www.myapp.info/api/validate?url=

It is ascertained that the request does not even leave the browser, Chrome or Firefox (Firefox calls it Active Mixed Content)

My PWA is not working because of this, for a certain feature, unless I use the workaround and change also the htaccess rule on my server.

No matter how I create the uri request, even with https method itself, it gets changed. The same using the dio package (using that, the error says that the network layer is the cause)

[brianquinlan]

It is very unlikely that this is an issue with package:http. Instead, it is likely to be a limitation of XMLHttpRequest.

[P5music]

Thanks for the response. Is there any possible reason for it to like the fake_file.ext workaround? Indeed https://www.myapp.info/api/validate/fake_file.ext?url=https://external.site.com/path/file.ext is not altered so there is not an error. You say it is a limitation of XMLHttpRequest, but it is a bug isn't it? I mean, it does something wrong and the result is an error it creates by itself.