How to do a Javascript XMLHttpRequest to a https:// URL using a self-signed certificate, that is known by the client to be legit?
My attempts fire the error event of XMLHttpRequest.
Related
I'm currently trying to make an AJAX request in a crappy dev environment. My current app is on HTTP and is making an AJAX request to an HTTPS endpoint with a broken certificate. Is there any way I can get my IE11 to stop rejecting the request?
Found a solution for fixing the messed up SSL cert situation here: https://medium.com/#ali.dev/how-to-trust-any-self-signed-ssl-certificate-in-ie11-and-edge-fa7b416cac68
Installed postman from Chrome.
Getting error related to ssl certificate when posting https request.
Looks postman could not have SSL handshake with server, although server is working fine.
2021 Update:
For those interested to configure properly your certificates within Postman, please follow the below tutorials:
Postman: Working with certificates
How to Troubleshoot SSL Certificate & Server Connection Issues
Old solution, only disabling the SSL verification.
For anyone having this trouble.
Self-signed SSL certificates are being blocked:
Fix this by turning off 'SSL certificate verification' in Settings > General
So, just try to disable the SSL certificates in the Postman Settings.
After that, Postman was able to normally make POST requests through HTTPS.
Source: Postman help.
Open chrome and directly posting the https url for the post request, then reopen postman it works. Chrome browser did the SSL handshake and past the info to postman so postman can continue with https request.
My questions is simple, but I cannot find an answer and I haven't got any resources to test it myself.
Can I make HTTPS CORS request from one domain to another HTTPS domain?
Can I make HTTP CORS request from one domain to another HTTPS domain?
I know that I can do HTTP CORS request from one domain to another HTTP domain, but I don't know if there is any difference when I use HTTPS.
Yes you can do a CORS request from a HTTPS domain to another HTTPS domain.
The only difference is because HTTPS is a secure origin, you can only make call to secure origin, so not to HTTP, the browser will block it with a message like:
Mixed Content: The page at 'https://example.com/index.html' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://example2.com/endpoint'. This request has been blocked; the content must be served over HTTPS.
Warning: If you allow http requests to call your https webpage, it will be insecure because it means an attacker can force requests to your https webpage with the cookies of a victim and read the answer
Beware if you still need to support IE8/IE9 and are using XDomainRequest as it does not support cross-protocol requests. As per MDN:
The origin's security protocol must match that of the requested URL. (http to http, https to https). If these do not match, the request will error "Access is Denied".
I have a server on heroku, using https certificate. Now I am trying to build an IOS/Android app using Ionic framework and make connection to that heroku server.
The error when I do it is
"ERR CONNECTION REFUSED" when I am trying to do https://example.com/auth
And when I change it to http instead, the error is
XMLHttpRequest cannot load http://example.com/auth. The request was redirected to 'https://www.example.com/auth', which is disallowed for cross-origin requests that require preflight.
Thanks for any help.
I am trying to make an ajax request to a trusted test server through chrome extension, which is self signed. so whenever i make a request it provide me Badrequest but it works fine on orignal/main web server. So i need to override the self signed certificate in order to make a successful ajax request.
Any help would be appreciated!