0

I have ASP.NET MVC web application in http I want to convert it to https. I have change in code from http to https but after deployed on internet I had some javascript library errors , example :

Mixed Content: The page at 'https://MySite/' was loaded over HTTPS, but requested an insecure script 'http://code.jquery.com/jquery-2.1.3.min.js'. This request has been blocked; the content must be served over HTTPS.

What is solution?

Improve this question
2

2 Answers 2

Reset to default
4

When HTTPS is enabled, all your assets have to be requested over HTTPS as well, otherwise you get mixed-content warnings as both secured and unsecured elements are being served up on a page that should be completely encrypted. Switch to HTTPS:

<script src="https://code.jquery.com/jquery-2.1.3.min.js"></script>

You can also use protocol-relative URLs, i.e. instead of:

<!-- this.. -->
<script src="http://code.jquery.com/jquery-2.1.3.min.js"></script>
<!-- ..or this -->
<script src="https://code.jquery.com/jquery-2.1.3.min.js"></script>

You can instead use:

<script src="//code.jquery.com/jquery-2.1.3.min.js"></script>

Using the protocol-relative syntax, the resource will load in HTTP when requested from a non-secure page, and HTTPS when requested from a secure one.

The downfall to this is that using protocol-relative schemes on non-secure pages will retrieve cross-origin assets in a non-secure fashion. This means that you could be missing out on benefits that HTTPS provides when requesting (for example) resources from a CDN, such as receiving the assets over HTTP/2*. As you're going full HTTPS this is not an actual concern, so use it at your own discretion.

*HTTP/2 does not require the use of encryption (e.g. TLS), but some implementations have stated that they will only support HTTP/2 when it is used over an encrypted connection, and currently no browser supports HTTP/2 unencrypted. (HTTP/2 FAQ)

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

When you have an https site you should load all your JavaScript content (if they're external links) through https

reference:

https://code.jquery.com/jquery-2.1.3.min.js

instead of: 

http://code.jquery.com/jquery-2.1.3.min.js

The answer is as simple as that!

Improve this answer

1 Comment

if you go to it on the browser it loads fine.. which means it is loading the JavaScript.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.