1

I have my own front-end website using https, and i want to retrieve data from this xml document : http://www.polymtl.ca/etudes/cours/utils/ficheXML.php?sigle=INF4710. I make a GET request to this page:

$.get("//www.polymtl.ca/etudes/cours/utils/ficheXML.php?sigle=INF4710")

But this end with a security error:

Mixed Content: The page at 'https://mywebsite' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://www.polymtl.ca/etudes/cours/utils/ficheXML.php?sigle=INF4710?sigle=INF4710'. This request has been blocked; the content must be served over HTTPS.

Is there a way to trust this page and bypass security ? Or any hack to get this data involving only front-end libraries ?

Ulysse BN
  • 10,116
  • 7
  • 54
  • 82

1 Answers1

1

No.

The problem is not that you need to trust the page you are requesting data from, but that you need to trust the entire network between the browser and the server hosting that page.

You need an HTTPS URL for the data.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
  • Thanks, I just realized this was a dup from [this one](http://stackoverflow.com/questions/29850867/possible-to-allow-http-requests-from-https-website). I’m going to retrieve them with an put into vars – Ulysse BN Dec 05 '16 at 18:38