Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

JavaScript Asynchronous Programming with JavaScript Asynchronous JavaScript with Callbacks Implement a Callback

Ash Borkar
Ash Borkar
1,738 Points

Is the astrosUrl out of date? I get an error saying the request made to that API is an insecure request.

callbacks.js:16 Mixed Content: The page at 'https://port-80-n4u0tk2cso.ecs-production.treehouse-app.net/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://api.open-notify.org/astros.json'. This request has been blocked; the content must be served over HTTPS.

I changed the url from http to https but then I get a 'Connection Refused' error.

callbacks.js:16     GET https://api.open-notify.org/astros.json net::ERR_CONNECTION_REFUSED

4 Answers

Steven Parker
Steven Parker
231,268 Points

Someone had this same issue just a few days ago.

The request is insecure, but that's normal and correct for that service. The error is a result of your browser settings. Newer browsers, specifically those created after this course was released, generally don't allow mixed content (secured via https and insecure via http) by default. If you change your browser settings to allow insecure content (instead of blocking it), the requests will be accepted and processed.

This is less than idea, though thank you for the helpful answer.

Type about:config in the Firefox address bar and press Enter. Accept the warning and proceed. Search for security.mixed_content.block_active_content. Double-click on it to change its value to false.

This worked for me on firefox

I'm still getting this error even after allowing insecure content in Chrome. Any idea what may be causing this still?

Nat Feibish
seal-mask
.a{fill-rule:evenodd;}techdegree
Nat Feibish
Full Stack JavaScript Techdegree Student 4,830 Points

Wait... so what is the workaround for this to be secure? I won't be able to ask all my users to change their browser settings.

Steven Parker
Steven Parker
231,268 Points

Some browsers (such as Chrome) allow you to change this setting on a per-site basis. In my Chrome settings I allow mixed content only for the treehouse workspace servers.

Allowed to show insecure content:
                                   [*.]ecs-production.treehouse-app.net
Steven Parker
Steven Parker
231,268 Points

I'm sure there are many API's that only operate insecurely, which is not a problem in itself since they don't require or output any personal information. To avoid users needing to adjust their browsers, you'll just have to be sure you never reference any of them if your main site uses security, OR you could program your back-end to access the API itself and then pass the data along using your secure connection.