Skip to content Skip to sidebar Skip to footer

Cross Domain Request From Http To Https Aborts Immediately

I'm trying to make Cross-Domain webservice calls from an HTTP page to an HTTPS service. I have set up the proper CORS headers on the server (it works with HTTP-HTTP and HTTPS-HTTPS

Solution 1:

Ok, I figured it out. The certificate I'm using for the HTTPS domain is self-signed and unverified. Adding it to the list of trusted third-party authorities fixed it for me.

You can install the certificate in Windows 7 through IE. This worked for me: http://productforums.google.com/forum/#!topic/chrome/bds-Ao9LigA%5B1-25%5D post by zacharysyoung 2/11/09 Make sure you run IE(9) as administrator or the install will fail even-though it says it installed it correctly.

  1. Open Internet Explorer (IE) and navigate to the site hosting the self-signed certificate.
  2. IE should display a page warning that, 'There is a problem with this web site's security certificate.'
  3. Click the, 'Continue to this website (not recommended)' link.
  4. Once the page has loaded, look to the right of the address bar. A red/pink button, labeled 'Certificate Error,' should be visible. Click that button.
  5. A pop-up, titled 'Untrusted Certificate,' will appear. Click the 'View certificates' link at the bottom of the pop-up.
  6. Another pop-up, titled 'Certificate,' will appear. Click the 'Install Certificate...' button.
  7. The 'Certificate Import Wizard' will be started. Click the 'Next' button.
  8. ** For XP: a. Leave 'Automatically select the certificate...' option selected, and click the 'Next' button. ** For Vista: a. Choose 'Place all certificates in the following store' option, and click the 'Browse' button. b. Click the 'Show physica stores' checkbox. c. Expand the 'Third-Party Root Certification Authorities' folder, and choose 'Local Computer'. Click the 'OK' button. d. Click the 'Next' button.
  9. This should display the 'Completing the Certificate Import Wizard' dialog. Click the 'Finish' button.
  10. A 'Security Warning' pop-up will appear. The warning is informing you that the certificate's origin cannot actually be validated. You should know where the certificate is coming from. If you do, click the 'Yes' button to install the certificate.
  11. A final pop-up informing you that, 'The import was successful,' will be displayed. Click the 'OK' button.
  12. Restart/Open Chrome and navigate to the site in question. You should not be greeted by the security warning page.

Aside from that, I think I may have discovered a bug in Chrome. See: https://code.google.com/p/chromium/issues/detail?id=141839

Solution 2:

It might be easier to setup something like easyXDM. It is rather quick to get going and will do all the backwards compatibility for you (all the way to IE6). It might not be the home-grown solution you are looking for but if you want cross-domain (where you have access to both sides) in a hurry it fits the bill.

You could always write your own iframe (postMessage) interface but why re-invent the wheel (and don't forget to set your document.domain if you are using different sub-domains).

Post a Comment for "Cross Domain Request From Http To Https Aborts Immediately"