Flutter Web on Firebase hosting refused to make API Calls - django

I have a Flutter Web application that I have deployed on Firebase Hosting.
I have a Django backend that I have deployed on an EC2 instance and is running on http.
I have CORS enabled in the backend, tried accessing endpoints via browsers and it works just fine.
But, when I try to make the same call using FlutterWeb, it fails.
And error type of blocked:mixed content appears. (See image below)
I want to call those HTTP endpoints and I don't want an SSL certificate mess because this is just a college project. How do I fix this?
I am using Dio on Flutter Web to make requests. What would be causing this problem?
EDIT:
I am using Firebase's spark plan, obviously since it's a college project. Do I need to upgrade to the blaze plan to enable Egress traffic? If so, how do I make sure that I won't be heavily charged? Any suggestions? UPDATE: I tried the blaze plan and got the same issue.
The console says
Mixed Content: The page at
'https://xxx.web.app/' was loaded over HTTPS, but
requested an insecure XMLHttpRequest endpoint
'http://xxxx.compute-1.amazonaws.com:8000/menu'. This
request has been blocked; the content must be served over HTTPS.
Any way to bypass this?

Related

Over http/s using websocket by routing upgrade than handle it, i couldnt run azure or aws; "failed" during upgrade.. any solution

i m using ws for websocket on backend and rxjs/webSocket on angular, front and backend two saparate apps deployed on cloud with option noServer:true.. over http or https, ws wss with all configuration options i try there is not routing inside upgrade.. i also open websockets in azure conf. or upload ebextensions file and change balancer on aws conf., , not free basic service plan but there is noting change.. none of serving examples explains upgrade routing manually over http/s..
When backend and frontend served localhost works fine.. when just frontend on localhost, backend on cloud ws://http.../ws "GET" for upgrade is last good status seen on headers answer after that server not routing upgrade and answer is "failed"..
Now i try again on GC, after one more disappointment i try same rules in sockjs.. or did socket.io solves problem? or what can i change on backend services?

REST API not working and redirecting with https/ssl

I have build and application with angular 5 and REST API with golang and hosted them on aws ec2 instance, I have installed ssl certificate to run the app and api on https. following is my url structure to run app and api ( api is running on 8080 port
app : https://mysite.maindomain.com
api : https://mysite.maindomain.com:8080
When I hit api after setting up the ip in host file on system it works fine but its not working with aws and redirects to https://mysite.maindomain.com:8080 when I hit any api like https://mysite.maindomain.com:8080/signup or https://mysite.maindomain.com:8080/get-user/10
Nor sure what is the issue here but everything else is working fine
I am using gin gonic as go framework and also have used RunTLS as recommended.
Not sure I fully appreciate the issue, but just in case, have you setup CORS on the API server (https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS).
If you run a browser application served from ORIGIN1, and the browser tries to access an API on DESTINATION2, the API server must state to the browser that it is indeed authorized to reply to a browser originating from ORIGIN1.
You can for example use https://github.com/gin-contrib/cors to add CORS support to your API server.
Good luck.

CORS HTTPS-to-HTTP webservice in Chrome Extension

I am writing a 'Content Script' based extension for Chrome that works on GMail (HTTPS). It needs to access a web service on our website, which is currently on HTTP only. Other than getting an SSL, is there any alternative to get an AJAX GET/POST call working between these two?
I think you can : https://developer.chrome.com/extensions/xhr
But be aware that without https someone can see and change everything your extension send or receive with your website.
You should implement https as soon as possible to avoid any security issue.

Disabling HTTPS in Axis2 web service

I have created an Axis2 web service from Netbeans and deployed it successfully in Tomcat 6 on my web server.
When I use for instance SoapUI or Taverna to consume the web service, the server offers both HTTP and HTTPS methods to invoke it. However, using the HTTPS method renders a 404 error. (Probably because there is a server admin panel running on port 8443, but that doesn't matter right now.)
The problem is that my web service clients default to using the HTTPS service. I figured the simplest thing I could do to get the basic service to work, would be to disable the HTTPS endpoint, as the HTTP version runs flawlessly and I don't need the added security. But now I've spent hours on finding out how to do that, without success. The WSDL returned by Axis2 contains entries for HttpsSoap11Endpoint but the WSDL that's bundled in my .AAR file after the build does not.
Does anybody know how to make Axis2 offer just HTTP endpoints?
In axis2.xml, comment out the https transport receiver to disable the HTTPS endpoint.

How to use HTTPS with HttpReceiveHttpRequest()?

I'm using the Windows HTTP API to process web service requests in C++ (not .NET) and everything works just fine for HTTP requests. When I change the URLs I'm expecting with HttpAddUrl to https://example.com:443/foo/bar my tests from Internet Explorer no longer connect. My code does not get called at all and the calls to HttpReceiveHttpRequest don't complete when an HTTPS request comes in.
I created a certificate authority for myself and it is visible inside IE but I can't figure out what to do next.
What do I need to configure to make HTTP.SYS call my code when an HTTPS request comes in?
You'll need to install the SSL cert in the machine store (mmc.exe, add Certificates snap-in, manage the Computer account, import the cert). Then have a go with httpconfig- it's a GUI version of httpcfg/netsh http that's much easier. I have this tool on every server I maintain that has SSL certs. Once that's configured, your SSL server registration should route correctly.