Welcome to the Treehouse Community
Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.
Start your free trialAsh Borkar
1,738 PointsIs the astrosUrl out of date? I get an error saying the request made to that API is an insecure request.
callbacks.js:16 Mixed Content: The page at 'https://port-80-n4u0tk2cso.ecs-production.treehouse-app.net/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://api.open-notify.org/astros.json'. This request has been blocked; the content must be served over HTTPS.
I changed the url from http to https but then I get a 'Connection Refused' error.
callbacks.js:16 GET https://api.open-notify.org/astros.json net::ERR_CONNECTION_REFUSED
4 Answers
Steven Parker
231,272 PointsSomeone had this same issue just a few days ago.
The request is insecure, but that's normal and correct for that service. The error is a result of your browser settings. Newer browsers, specifically those created after this course was released, generally don't allow mixed content (secured via https and insecure via http) by default. If you change your browser settings to allow insecure content (instead of blocking it), the requests will be accepted and processed.
Mohammed Riyazuddin
2,509 PointsI'm still getting this error even after allowing insecure content in Chrome. Any idea what may be causing this still?
Nat Feibish
Full Stack JavaScript Techdegree Student 4,830 PointsWait... so what is the workaround for this to be secure? I won't be able to ask all my users to change their browser settings.
Steven Parker
231,272 PointsSome browsers (such as Chrome) allow you to change this setting on a per-site basis. In my Chrome settings I allow mixed content only for the treehouse workspace servers.
Allowed to show insecure content:
[*.]ecs-production.treehouse-app.net
Nat Feibish
Full Stack JavaScript Techdegree Student 4,830 PointsYes, but we canβt ask all users to do that. Fortunately Iβve been told this is only an issue with this API.
Steven Parker
231,272 PointsI'm sure there are many API's that only operate insecurely, which is not a problem in itself since they don't require or output any personal information. To avoid users needing to adjust their browsers, you'll just have to be sure you never reference any of them if your main site uses security, OR you could program your back-end to access the API itself and then pass the data along using your secure connection.
Richard Morrison
6,156 PointsRichard Morrison
6,156 PointsThis is less than idea, though thank you for the helpful answer.
Dagim Alemu
6,398 PointsDagim Alemu
6,398 PointsType about:config in the Firefox address bar and press Enter. Accept the warning and proceed. Search for security.mixed_content.block_active_content. Double-click on it to change its value to false.
This worked for me on firefox