5

I have a chrome extension that communicates using HTTP in development and HTTPS in production.

I run it from webpages that use HTTPS.

When I use this extension in my development mode I get the following error.

Mixed Content: The page at 'https://somesite.com' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://david-sniper.local:3001/api/end-point'. This content should also be served over HTTPS.

In the past I have been able to resolve this error by going reading this post how-to-get-chrome-to-allow-mixed-content

There are two solutiions in this post.

  1. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --allow-running-insecure-content
  2. In the address bar at the right end should be a 'shield' icon, you can click on that to run insecure content.

I have never had success with the first solution, but the second solution where you click on the 'shield' icon was working up until a few weeks ago.

I'm now on Chrome 55 and there is NO Shield option to click on, so I'm wondering how to get mixed content working in developer mode?

enter image description here

Community
  • 1
  • 1
David Cruwys
  • 6,262
  • 12
  • 45
  • 91
  • 1
    While it is not what you are asking, the right answer is that you make your development environment as near-identical to your production environment as possible. In other words, use HTTPS for both. Having your development environment, or at least your development *testing* environment, be different than your production environment is just asking for problems when you move code from development into production, which is really *not* when you want to be finding problems. – Makyen Jan 06 '17 at 03:34
  • The messages at `console` are warnings, not errors, yes? – guest271314 Jan 06 '17 at 05:05
  • The actual requests are blocked, e.g. the call to jora-list is not being executed, so while the messages are warnings, the effect is a broken code. – David Cruwys Jan 06 '17 at 05:28
  • there is a chrome startup parameter to disable all security. look into it. – Zig Mandel Jan 06 '17 at 13:49

1 Answers1

13

Following a tip by Zig Mandel, I used command line parameters to run Chrome without security.

I created a folder called c:\_chrome_data and I unpacked my developer extension into chrome extensions and I used this command line.

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --allow-running-insecure-content --disable-web-security --user-data-dir=C:\_chrome_data

Click the Shield, I noticed that the shield is not available in Version 55 of chrome anymore unless you have the settings listed in the command line included.

enter image description here

Working Extension

enter image description here

David Cruwys
  • 6,262
  • 12
  • 45
  • 91