Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Mixed Content: The page was loaded over HTTPS, but requested an insecure resource

See original GitHub issue

My application works locally but when it comes time to deploy I get the following issue in the Chrome developer console.

Mixed Content: The page at 'MY URL' was loaded over HTTPS, but requested an insecure resource 'http://localhost:4000/graphql'. This request has been blocked; the content must be served over HTTPS.

I don’t have any reference to localhost when I deploy so the fact I get this error is driving me crazy.

My deployment bucket is pointing to my domain, and I created a certificate and distribution to have enable HTTPS.

In my handler.js I have the following code and added output.headers['Access-Control-Allow-Credentials'] = 'true'; because from my research this is required to work with HTTPS.

exports.graphqlHandler = function graphqlHandler(event, context, callback) {
    function callbackFilter(error, output) {
        // eslint-disable-next-line no-param-reassign
        output.headers['Access-Control-Allow-Origin'] = '*';
        output.headers['Access-Control-Allow-Credentials'] = 'true';
        callback(error, output);

My YAML looks like this for my app-backend

    handler: handler.graphqlHandler
    - http:
        path: graphql
        method: post
        cors: true
    handler: handler.apiHandler
    - http:
        path: api
        method: get
        cors: true

And just for sanity’s sake this is where I am initializing my Apollo client i replace http://localhost:4000

const networkInterface = createNetworkInterface({ uri: '' });


So chrome blocks blocks my data from being fetch when the site loads, the shield on the address bar shows up and says my site wants to load unsafe scripts, so if I select to load them my app works fine, I think because it is somehow referencing http://localhost:4000/ still because nothing else i am loading is using http. But I do not know how to get away from it.

Issue Analytics

  • State:open
  • Created 6 years ago
  • Comments:13

github_iconTop GitHub Comments

gertstcommented, Oct 10, 2018

I had the same issue and could solve it by changing the siteUrl from http:// to https😕/

kvreemcommented, Feb 2, 2018

@sid88in update I think I successfully submitted a PR for this issue #305

Read more comments on GitHub >

github_iconTop Results From Across the Web

Mixed Content: The page at xxx was loaded over HTTPS, but ...
A “mixed content” error occurs when a page communicating over secure HTTPS contains resources that should be loaded over insecure HTTP. Using the...
Read more >
How to fix a website with blocked mixed content - Web security
If your website delivers HTTPS pages, all active mixed content delivered via HTTP on this pages will be blocked by default.
Read more >
Fixing mixed content -
If your site is published using a content management system, it is possible that links to insecure URLs are inserted when pages are...
Read more >
How to Find and Fix Mixed Content Warnings on HTTPS Sites
According to Google, mixed content occurs when HTML on a website loads over a secure HTTPS connection (thanks to a recently installed SSL ......
Read more >
How to Quickly Fix Mixed Content Warnings (HTTPS/SSL)
If mixed content errors are present, they'll be highlighted in either red or yellow. Typically, they're accompanied by information explaining ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found