ga-dc / wdi5-project3

Project 3

Problem with mixed-content requests on heroku (https vs http) #72

Closed nclevine closed 9 years ago

nclevine commented 9 years ago

I am getting blocked AJAX API requests when I try to make them from the Heroku-deployed version of my app. The problem is that it is a mixed-content request, meaning that my page is https, but the requests are to http URLs and are being blocked due to the "security risk". Unfortunately, some of the APIs simply don't work with https; they need to be http. All the solutions I have found online simply ask me to make all the requests https, but that's not an option. Any alternative ideas?

RobertAKARobin commented 9 years ago

Can you paste the contents of the error message?

nclevine commented 9 years ago

application-586cf86ad9f2e35d27dd4e47ca2f7067075f6334087fca4fd33ab77e732551bf.js:26 Mixed Content: The page at 'https://rocky-wildwood-9121.herokuapp.com/spaces/1' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://scrapi.org/search/magritte'. This request has been blocked; the content must be served over HTTPS.

adambray commented 9 years ago

I'm pretty sure the correct answer to this is to implement the external API requests from your backend, and then make an HTTPS AJAX request from JS to your backend.
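The backend-proxy approach suggested above, as an added example that is not part of the original thread or the project's code: the browser calls the app over HTTPS, and the server makes the plain-HTTP request to a fixed upstream host with a validated search term, so the endpoint cannot be used as an open proxy. The names `upstream_uri`, `proxy_search` and `HTTP_FETCH`, the term pattern, and the assumption that the upstream replies with JSON are all hypothetical.

```ruby
require "net/http"
require "uri"
require "json"

# Assumption: the only upstream is the one in the error message, scrapi.org.
UPSTREAM_HOST = "scrapi.org"
# \A and \z anchor the whole string; ^ and $ would only anchor a single line.
TERM_PATTERN = /\A[A-Za-z0-9 _-]{1,64}\z/

# Build the upstream URL from a fixed host and a validated term, so the
# client never controls the scheme, host, port or path prefix.
def upstream_uri(term)
  raise ArgumentError, "invalid search term" unless term.is_a?(String) && term.match?(TERM_PATTERN)
  encoded = URI.encode_www_form_component(term).gsub("+", "%20")
  URI("http://#{UPSTREAM_HOST}/search/#{encoded}")
end

# Default fetcher: server-side plain-HTTP GET with short timeouts.
# Net::HTTP does not follow redirects, so a 3xx is reported, not chased.
HTTP_FETCH = lambda do |uri|
  Net::HTTP.start(uri.host, uri.port, open_timeout: 3, read_timeout: 5) do |http|
    res = http.get(uri.request_uri)
    [res.code.to_i, res.body]
  end
end

# What a Rails controller action would call. Returns [status, json_body]
# to send back to the browser over the app's own HTTPS origin.
def proxy_search(term, fetcher: HTTP_FETCH)
  uri = upstream_uri(term)
  status, body = fetcher.call(uri)
  return [502, JSON.generate({ error: "upstream returned #{status}" })] unless status == 200
  # Parse and re-serialise so only well-formed JSON is relayed to the page.
  [200, JSON.generate(JSON.parse(body))]
rescue ArgumentError
  [400, JSON.generate({ error: "invalid search term" })]
rescue JSON::ParserError, SocketError, Timeout::Error, SystemCallError
  [502, JSON.generate({ error: "upstream unavailable" })]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed upstream reply, so the demo runs offline.
  fake = ->(_uri) { [200, '{"results": ["constructed sample"]}'] }
  p proxy_search("magritte", fetcher: fake)
  p proxy_search("../etc", fetcher: fake)
end
```

The traffic between the backend and the upstream is still unencrypted HTTP, so the response should be treated as untrusted input even though the browser receives it over HTTPS.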

mattscilipoti commented 9 years ago

Try using https in your browser for the url to your app.

mattscilipoti commented 9 years ago

Sorry. I read that backwards. Give me a sec.

nclevine commented 9 years ago

ok, i guess i will reroute all my apis thru the backend after all. the one that's already doing that is working fine and the url in my rails controller is http. thanks!

mattscilipoti commented 9 years ago

I recommend following Adam's advice (which appeared as I sent mine). You should be using https. Some APIs are not allowing you to. Therefore, you need to perform them in your backend. You may be able to use "http" instead of "https" to access your heroku app, but that will probably cause warnings from the APIs that are using https.

nclevine commented 9 years ago

nonetheless i am curious how to control whether a heroku app is http or https...

nclevine commented 9 years ago

thanks everyone