5

i'm writing a chrome extension that use a content_script. the content script use XMLHttpRequest to send information about the page to my server, and base on that information the server respond with somethings that has to be done.

everything works well on http pages, but fail on http*s*.

The error i get is: [blocked] The page at '==https page==' was loaded over HTTPS, but ran insecure content from '===myserver - http===': this content should also be loaded over HTTPS.

If i will use https on my server will it work? even though it's a different domain? is there any way to do it without using ssl on my server?

Thanks.

Dor Cohen
  • 155
  • 2
  • 6
  • 1
    You can `make request` to `server` from `background-script` by `passing message` from `content-script` this would solve your problem. – Raghvendra Parashar Oct 13 '13 at 18:44
  • Hi guys @rkp could you please elaborate how to do this. I have to support an extension and I don't know what you mean with background-script and content-script – juliangonzalez Oct 30 '14 at 22:26

1 Answers1

2

Yes, you can only call https content from an https page. See these for help on mixed content issue :

You can test your extension with mixed content by enabling it explicitly as instructed at:

If you enable SSL/https on your web-server this will solve the issue for your users also. A cheaper and easier way to enable SSL on your server almost instantly would be to use Cloudflare.

Stacked
  • 841
  • 2
  • 12
  • 23