Hey there! I’m trying to pull data from an API that I have already enabled CORS. It’s enabled to all endpoints. But when I try to pull data I’m getting this error:
Mixed Content: The page at 'https://cootrandesenv.tjdft.jus.br/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://cootrandesenv-api.tjdft.jus.br/api/v1.0/contratos/'. This request has been blocked; the content must be served over HTTPS.
I have the contentSecurityPolicy set like this:
contentSecurityPolicy: {
'default-src': "'none'",
'script-src': "'self' 'unsafe-eval' *.googleapis.com maps.gstatic.com",
'font-src': "'self' fonts.gstatic.com",
'connect-src': "'self' maps.gstatic.com",
'img-src': "'self' *.googleapis.com maps.gstatic.com csi.gstatic.com",
'style-src': "'self' 'unsafe-inline' fonts.googleapis.com maps.gstatic.com"
},
And I have the ENV.APP.api
set like this:
if (environment === 'development') {
ENV.APP.api = 'https://cootrandesenv-api.tjdft.jus.br';
}
if (deployTarget === 'desenv') {
ENV.APP.api = 'https://cootrandesenv-api.tjdft.jus.br';
}
if (deployTarget === 'homolog') {
ENV.APP.api = 'https://cootranhomolog-api.tjdft.jus.br';
}
if (deployTarget === 'prod') {
ENV.APP.api = 'https://cootran-api.tjdft.jus.br';
}
if (environment === 'test') {
ENV.APP.api = 'https://cootrandesenv-api.tjdft.jus.br';
// Testem prefers this...
ENV.locationType = 'none';
// keep test console output quieter
ENV.APP.LOG_ACTIVE_GENERATION = false;
ENV.APP.LOG_VIEW_LOOKUPS = false;
ENV.APP.rootElement = '#ember-testing';
}
And my adapter looks like this:
//app/adapters/application.js
import DS from 'ember-data';
import Ember from 'ember';
import ENV from '../config/environment';
import {
pluralize
} from 'ember-inflector';
export default DS.JSONAPIAdapter.extend({
host: ENV.APP.api,
namespace: ENV.APP.names
});
Here’s the API response’s headers when I access this through the browser:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Allow-Methods:GET, POST, OPTIONS
Access-Control-Allow-Origin:*
Access-Control-Allow-Origin:*
Content-Length:13780
Content-Type:application/vnd.api+json
Date:Mon, 13 Nov 2017 19:54:31 GMT
Server:nginx/1.6.2
But here’s what’s happening with the Ember app:
The first request seems correct but then it’s canceled. I think that’s all set to use https
but I’m still getting these erros. Does somebody knows what I’m missing here?
Thank you!