CORS - Cross POST Domain for HTTP with HTTPS

Question

CORS - Cross POST Domain for HTTP with HTTPS

I am trying to use POST XmlHTTPRequest from a page loaded from HTTPS to another domain using an HTTP URL. An HTTP server is a local (home) server, so there cannot be HTTPS. (This is a prototype / demo - the home HTTP server is likely to be in the top box). My server returns:

'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods' : 'GET, POST, PUT, DELETE, OPTIONS'

When I send a message, it looks like the browser canceled the request. I see this warning in the console:

The page in 'https://xxx.html'was loaded on top of HTTPS, but insecure information was displayed from 'http://localhost:10293/yyy': this content should also be loaded on top of HTTPS.

Is there any way to make this work?

The most interesting thing is that I can send DELETE to the HTTP server, and it works, just not POST! (The server processes the “OPTION” request and returns the above “Access” headers. DELETE also raises a warning to spit it out, but the request is sent, unlike POST, where the request was canceled by the browser.

The server is the base server of node.js.

+4

javascript ajax https cors

svenyonson Mar 24 '14 at 19:19

source share

1 answer

svenyonson · Answer 1 · 2015-02-12T16:13:39+0000

I was able to complete this work by processing an OPTIONS request on my HTTP server:

    response.writeHead(200, {
        'Content-Type': 'text/html', 
        'Access-Control-Allow-Origin': '*', 
        'Access-Control-Allow-Methods' : 'GET, POST, PUT, DELETE, OPTIONS'
    });
    response.end();

The problem with the POST failure was a red herring - I forgot the exact circumstances now, my comment above says something about setTimeout right after the POST. Not sure, but now it works.

CORS - Cross POST Domain for HTTP with HTTPS

More articles: