I am calling an http endpoint using axios in an excel addin project. However I am unable to call the endpoint because the addin has an https certificate. It gets installed on every project I try to create using the addin cli. Is there a way to disable https so I can call this endpoint? Here is the error.
Mixed Content: The page at 'https://localhost:3000/taskpane.html?_host_Info=####'
was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint
'http://#######'. This request has been blocked;
the content must be served over HTTPS.
First, your question is missing an important detail that I was able to derive, but you should have included, your using NodeJS as your server.
This isn't technically a duplicate, but the question is really How to disable SSL in NodeJS, Yeoman Office-JS Template as it seems you have already figured out you can't call an http endpoint from an SSL enabled Office Add-In.
I'm not 100% how to disable SSL in NodeJS, but try changing the Dev URL to http. In webpack.config.js --> const urlDev = "https://localhost:3000/"; --> const urlDev = "http://localhost:3000/";.
If you have access to the backend server and can get SSL configured, your better off setting up a API Gateway/Proxy such as krakend to proxy http requests.
I know I just had to disable SSL in my project for the same reason, but I use Visual Studio, so I can't test NodeJS.
See --> https://stackoverflow.com/a/71461455/5079799
Related
I have a create-react-app application in which I enabled the proxy by adding:
"proxy": "http://localhost:3001",
to my package.json. That's working well for API requests to /graphql, but when the web browser request /graphql (for the purpose of loading the UI to run queries) gets handled by the frontend and not proxied. Is it possible to also proxy it?
Same thing happens when I try to do OAuth by visiting https://localhost:3000/auth/facebook, the frontend handles it instead of the backend.
It is indeed possible to further customize the proxy.
First, when a web browser requests /graphql or /auth/facebook, it sends an Accept header that holds text/html (among others). The configuration of the CRA proxy specifically ignores requests with this header value:
The development server will only attempt to send requests without text/html in its Accept header to the proxy.
(emphasis in original text)
Luckily, you may override the default configuration and basically hook the proxy middleware to your liking. There are detailed instructions in the docs and even more so in the npm package docs, but the crux of it is:
app.use(
'/graphql',
createProxyMiddleware({
target: 'http://localhost:3001',
changeOrigin: true,
})
);
Using the following stack:
AWS amplify
NodeJS
ReactJS (built using create-react-app)
When running amplify mock it automatically assigns an endpoint with HTTP (as can be seen in the terminal and the aws-exports.js file).
I am however hosting my app locally in an HTTPS environment using ($env:HTTPS="true") -and (npm start) so as to better accommodate the social sign-ins which usually require all requests to come from HTTPS even if on localhost.
I constantly have to change my env to HTTP to try out things with the mock backend instead of just maintaining everything in HTTPS.
Is there a way to let the mock backend be served over HTTPS?
I have found a partial answer.
using the chrome browser settings, select privacy and security and go to site settings.
Add the URLS you are requesting over http into the insecure content allowable section. This allows an origin of https to request over http.
I am trying to test an ASP.NET Web Api locally using IIS Express. When I use Chrome and hit the url (localhost:5000/api/test, for example) the json displays fine, but when using Postman I keep getting unauthorized 401.2 when hitting the same url. The api controller has Anonymous access on the route.
On the error message, one of the likely causes is:
Integrated authentication is enabled and the request was sent through a proxy that changed the authentication headers before they reach the Web server.
Is Postman somehow changing the headers?
[2019 Update]
Got the same issue, I couldn't debug an ASP Core 2.1 API using Postman when running on the local machine using IIS Express. I kept on having "Could not get any response" despite it was working fine on a browser.
Following troubleshooting steps explained here PostmanLabs Github, I noticed into Postman console that this was coming from a certificate issue.
Disabling SSL Verification from Postman Settings > General allowed the request to pass through.
Looks like it's your proxy.
I haven't found the proxy setting in postman. So I deleted postman for Win and installed postman for Chrome. Possibly Postman gets the environment from Chrome.
Anyway the resolution is to use Postman for Chrome instead of Postman for Win.
I have a localhost WebAPI site up with IIS Express (HTTPS). Postman started to respond as expected to GETs and POSTs after I changed (in Postman)
File --> Settings --> Proxy
to: "Use the system proxy"
and turning on: "Respect HTTP_PROXY ...".
I had earlier set up a custom proxy that wasn't working with HTTPS.
I am using the Postman native app on Windows 10 and am struggling with trying to capture https requests. Postman's Documentation for this is for Mac and not Windows.
In particular, I am working on a web application that creates a session cookie upon login that needs to be included in most requests in order to be authorized. When I was using the Chrome App, Postman Interceptor achieved this (see https://stackoverflow.com/a/32436131/3816779).
Here's what I've tried so far:
Turn on the Proxy in Postman with port 5555.
Configured windows to send http and https requests through Postman's proxy server (127.0.0.1:5555).
This allows http requests to be captured in Postman
But when trying to connect to https sites, I get an error
Here are my Postman settings if that helps.
Update I ended up switching back to the Chrome App, which uses the "Interceptor" instead of a "Proxy Server" to capture traffic.
Unfortunately, capture https requests with postman native app is impossible in some case according to the official doc: Capturing HTTP requests
Note: for the Postman native apps, request captures over HTTPS will not work if the website has HSTS enabled. Most websites have this check in place.
Postman's proxy now supports HTTPS traffic - https://blog.postman.com/postmans-proxy-now-fully-supports-https-endpoints/
Once you install a CA certificate that Postman generates for your installation, capturing HTTPS requests should be seamless.
Disclaimer: I work at Postman
With Google Chrome i don't know how to fix the issue. But you can use to open the web page for example IE..
EDIT:
Or MAYBE you can start Google Chrome with parameter --ignore-certificate-errors to ignore the error message.
Postman Interceptor is available for Postman native apps which supports both features:
1. Capturing requests
2. Syncing cookies
Learn more here.
Just check HTTPS in setting and will work for you
Am using WSO2 API Manager 1.9.1 and have defined a service that can be access over both http and https. When I try to "test" it through the API Console under https://localhost:9443/store/apis/..., the API call fails as the REST AJAX call is send over http instead of https.
Chrome complains that the page was loaded over HTTPS but requested an insecure XMLHttpRequest. The request is blocked as it should be served over HTTPS.
Firefox likewise blocks the request with a "mixed active content" error.
Safari fails with a more obscure message: "Failed to load resource: The network connection was lost.".
A workaround is to set the API scheme to https only but this is not particularly desirable. Is there a fix or other way to cope with this issue?
This issue occurs when you're trying to access a HTTPS URL from the web browser
but the end point is actually HTTP. This is not the default behavior of swagger console in API manager 1.9.
Usually when you are accessing from the web browser using HTTPS, API console
(swagger console) calls an end point of HTTPS by default.
Try to expose the service as both HTTP and HTTPS(Manage Tab) when you are publishing an API.
Thanks
Ojith