Downloading a script from HTTP is automatically converted to HTTPS for some users

Question

I am trying to load socket.io using the following code:

<script src="http://cdn.socket.io/socket.io-1.4.5.js"></script>

However, some users reported me the following error:

Failed to load https://cdn.socket.io/socket.io-1.4.5.js ERR_SSL_PROTOCOL_ERROR

Is this an automatic security setting in modern browsers? And if it can be disabled?

+4

user3024235 Mar 01 '17 at 4:22

3 answers

, , , https- . - :

<script src="//cdn.socket.io/socket.io-1.4.5.js"></script>

<script src="https://cdn.socket.io/socket.io-1.4.5.js"></script>

( HTTP), .html .htm -.

+1

Jack Pilowsky 01 . '17 4:35

The link doesn't work at all. Is this a private link requiring certification?

If you just want socket.io.js, use the link from https://cdnjs.com/libraries/socket.io

0

Chris chen Mar 01 '17 at 4:30

gyre · Accepted Answer · 2017-03-01T04:39:56+0000

The problem is not your mistake!

Access to this link in my browser also failed, and checking for an unsuccessful request shows that the following header was set:

Upgrade-Insecure-Requests: 1

This tells the browser to update all URLs http://to https://what seems to reflect the error your users are reporting.

ERR_SSL_PROTOCOL_ERROR , SSL https://cdn.socket.io/ , , , ( ) , , . "" , , , URL-.

<script src="https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.5/socket.io.min.js"></‌script>