All geek questions in one place

JQuery ajax https calls the command ERR_INSECURE_RESPONSE

I am trying to make a https CORS ajax call from jquery to a node.js process. However, when the call is made, chrome complains about the OPTIONS https://localhost/ net::ERR_INSECURE_RESPONSE console OPTIONS https://localhost/ net::ERR_INSECURE_RESPONSE .

Look at a similar question, Cross-domain request from HTTP to HTTPS will immediately stop . I should be able to cross-origin https ajax calls if I import the certificate I signed myself. So I imported the certificate for chrome. I can see the certificate on the Chrome certificates tab in the "Authority" section. But it still fails when I try to make an ajax call.

Here's how I made the private key: openssl genrsa -out domain.key 4096

Now certificate: openssl req -x509 -sha512 -nodes -newkey rsa:4096 -keyout domain.key -out domain.crt

For the common name, I put the IP address of the computer, so chrome will not complain about URL mismatch.

Here is the html page.

 <!DOCTYPE html> <html> <title>BlackBox</title> <head> <meta charset="utf-8"> <script src="jquery-1.11.2.min.js"></script> <script src="bootstrap-3.3.4-dist/js/bootstrap.min.js"></script> <script src="login.js"></script> </head> <body> <div class="container-fluid"> <div class="row"> <div class=col-md-4> <h2> Welcome to BlackBox</h2> <label>username</label> <input type="text" name="username" id="username"> <label>password</label> <input type ="text" name="password" id="password"> <input type="button" id="loginbtn" value="Login"/> <div class="container"> <div class="row"> <div class="out"></div> </div> </div> </div> </div> </div> </body> </html>

This is javascript that comes with html.

  $(document).ready(function() { $('#loginbtn').click(clickLogin); function clickLogin() { var username = $('#username').val(); var password = $('#password').val(); if(password == '' || username == '') { $(".out").html("Empty username or password"); } else { $.ajax({ type: "PUT", url: "https://localhost/", contentType: "application/json", data: JSON.stringify({ username: username, password: password, }), dataType: "text", }) } }; });

And finally, here is the node process that serves both html and javascript and is supposed to accept ajax calls.

 const fs = require("fs"); const http = require('http'); const https = require('https'); var loginPage = fs.readFileSync('login.html'); var loginPageJs = fs.readFileSync('login.js'); var jquery = fs.readFileSync('jquery-1.11.2.js'); var bootstrap = fs.readFileSync('bootstrap-3.3.4-dist/js/bootstrap.min.js') var options = { key: fs.readFileSync('domain.key'), cert: fs.readFileSync('domain.crt') }; http.createServer(function(req, res) { res.writeHead(301, {Location: 'https:192.168.1.58/'}) res.end(); }).listen(80); https.createServer(options, function(req, res) { if(req.method === 'GET' && req.url === '/') { res.writeHead(200, "OK", {'Content-Type': 'text/html'}); res.write(loginPage); res.end(); } else if(req.method === 'GET' && req.url === '/login.js') { res.writeHead(200, "OK", {'Content-Type': 'application/javascript'}); res.write(loginPageJs); res.end(); } else if(req.method === 'GET' && req.url === '/jquery-1.11.2.js') { res.writeHead(200, "OK", {'Content-Type': 'application/javascript'}); res.write(jquery); res.end(); } else if(req.method === 'GET' && req.url === '/bootstrap-3.3.4- dist/js/bootstrap.min.js') { res.writeHead(200, "OK", {'Content-Type': 'application/javascript'}); res.write(bootstrap); res.end(); } else if(req.method === "OPTIONS" && req.url === '/') { res.writeHead(204, "No Content", { "access-control-allow-origin": origin, "access-control-allow-methods": "GET, POST, PUT, DELETE, OPTIONS", "access-control-allow-headers": "content-type, accept", "access-control-max-age": 10, "content-length": 0 }); var requestBodyBuffer = []; req.on("data", function(chunk) { requestBodyBuffer.push(chunk); }) req.on("end", function() { var requestBody = requestBodyBuffer.join(""); var obj = JSON.parse(requestBody); if(obj.hasOwnProperty('username') && obj.hasOwnProperty('password')) { console.log(obj.username); console.log(obj.password); } }) } }).listen(443);
+6
source share
1 answer

I recently wrote a whois search application, and I also had this problem, but finally, after checking all the features, it worked correctly.

This is a useful article for creating self-signed certificates:

https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs

*** Comment in code will help you ****

index.js Code:

  function checkAvailability(domainParsed) { $.ajax({ method : "GET", url : "https://localhost:55555/check", // Pay attention To This Line "Content-Type" : "application/json", data : {domain : domainParsed , array : postFixesArray } }).done(function(data) { availableDomanisToShow = data.availableDomains; registeredDomanisToShow = data.registeredDomains; }); }

server.js Code:

 var bodyParser = require("body-parser") ; var unirest = require('unirest'); var https = require('https'); var http = require('http'); var fs = require('fs'); var express = require('express'); var app = express(); var registeredDomains = []; var availableDomains = []; var counter = 0 , i = 0; app.use(bodyParser.json({ type: 'application/json'})) ; app.use(bodyParser.urlencoded({ extended:true })) ; app.use(function(req, res, next) { res.header("Access-Control-Allow-Origin", "*"); // Pay attention To This Line --> Cross domain request res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept"); // Pay attention To This Line --> Cross domain request next(); }); app.use("/check",function(req,resp,next) { var fqdn,postfix; availableDomains = []; registeredDomains = [] while( i < req.query.array.length) { fqdn = req.query.domain + req.query.array[i]; postfix = req.query.array[i]; checkAvailability(fqdn,postfix,req.query.array.length); console.log(req.query.array.length) i++; } function checkAvailability(domain,postfix,length) { unirest.get('https://jsonwhois.com/api/v1/whois').headers({ 'Accept': 'application/json', 'Authorization': 'Token token=238d7da7fac57882a176cb14411d781a' }).query({ "domain" : domain }).end(function(response) { console.log(domain , response.body['available?']); if(true != response.body['available?']) { registeredDomains.push(postfix); counter++; if(counter == length) { counter = 0 ; i = 0; resp.json( { "registeredDomains" : registeredDomains , "availableDomains" : availableDomains } ); } } else { availableDomains.push(postfix); counter++; if(counter == length) { counter = 0 ; i = 0; resp.json( { "registeredDomains" : registeredDomains , "availableDomains" : availableDomains } ); } } }); } }); https.createServer({ key: fs.readFileSync('key.pem'), cert: fs.readFileSync('cert.pem') }, app).listen(55555); http.createServer(app).listen(8000); console.log("httpsServer are Listening on " + 55555); console.log("httpServer are Listening on " + 8000);
0
source

Source: https://habr.com/ru/post/984814/

More articles:


All Articles