Mixed Content blocked client/server

Bleftin · October 2, 2020, 9:19am

Hello,
I developed a local server (where the purpose is to be on a local computer) in Node.JS and created a graphical interface, a client for this server, in REACT.JS. I was trying to host this interface on netlify, until then without any problems. However, the communication between the server and the client does not happen because the server was implemented in http and the client being hosted on netlify is https. With this, the communication cannot be established. The error that appears to me is this:

Mixed Content: The page at '' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ''. This request has been blocked; the content must be served over HTTPS.

The connection between server and client is supported via socket.io as such, and if I am not mistaken the communication can only be done via http.

Is there anything I can do?

Any help is welcome.

luke · October 2, 2020, 9:19am

Hi, @Bleftin. Do you have a custom domain configured to point to the HTTP-only API? (I’m just going to call it “the API” from here on.)

If so, you might just set up SSL for that API. If you have a custom domain name configured for the API, you can probably (almost certainly) run certbot on that system to get a Let’s Encrypt SSL certificate for that specific domain name the API is using.

There is more about certbot here:

It is quite user friendly for a CLI tool and if there are questions (I have some experience with certbot) I would be happy to troubleshoot here.

Other solutions without installing SSL on the API itself involve setting up a proxy to provide SSL:

There might be a way to allow the connection to HTTP ( but even if this can be done I still wouldn’t recommend it). For example, you might try a proxy redirect from HTTPS to HTTP but I’ve not tested this and it could be a waste of time.

At the end of the day, the EFF created the HTTPS Everywhere campaign for good reason and I’d still encourage you just to get some SSL - any SSL - instead of trying to make it work without.

If there are questions about any of this, please let us know.