I am using the POST method with XMLHttpRequest to get some information from one GLITCH URL with a NodeJS application. It is https:// and I typed the URL correctly. I am passing some parameters but nothing is wrong with that. Any help?
EDIT: I am using the new Microsoft Edge based on Chromium.
var xhr = new XMLHttpRequest();
xhr.open('POST', 'http://www.********.glitch.me/bot?say=1');
xhr.send()
The actual website with the request is a https:// but the other is a http://.
Error:
*The page at ********* was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint *******. This request has been blocked; the content must be served over HTTPS
glitch.me provides an ssl certificate that covers mydomain.glitch.me (a wildcard certificate *.glitch.me; see below info about URLs and ssl certificates)
Your service is using www.mydomain.glitch.me so the ssl certificate is invalid.
You either need to install your own ssl certificate for www.mydomain.glitch.me
OR
Recommended: change your glitch url to fit the format mydomain.glitch.me
Info about SSL Certificates:
Without going in to how they work, they certify that the encrypted data you receive (like a web page) came from the domain in the certificate.
You can get SSL Certificates for a specific domain or a wildcard certificate. Wildcards include any single subdomain of the main domain.
Info about URLs:
Consider https://api.blog.example.com/search?term=example
the protocol is https
There are 2 subdomains: api and blog
The domain is example
The top-level domain is com
The path is search
The query is term=example
This url requires an ssl certificate for api.blog.example.com
IF the url had only 1 subdomain it could use a wildcard certificate: *.example.com
The wildcard certificate would cover https://www.example.com, https://blog.example.com, https://test.example.com, but would NOT cover https://www.blog.example.com because there are 2 levels of subdomain.