Failed to load resource net ERR INSECURE RESPONSE

Question

IS there a way to trick the server so I don t get this error   Content was blocked because it was not signed by a valid security certificate     I m pulling an iframe of an html website into another website but I keep getting the console  chrome  error in the title of this question and in internet explorer it says   Content was blocked because it was not signed by a valid security certificate

User · Answer

Offering another potential solution to this error.

If you have a frontend application that makes API calls to the backend, make sure you reference the domain name that the certificate has been issued to.

e.g.

https://example.com/api/etc

and not

https://123.4.5.6/api/etc

In my case, I was making API calls to a secure server with a certificate, but using the IP instead of the domain name. This threw a Failed to load resource: net::ERR_INSECURE_RESPONSE.

User · Answer

I still experienced the problem described above on an Asus T100 Windows 10 test device for both  up to date  Edge and Chrome browser   Solution was in the date time settings of the device  somehow the date was not set correctly  date in the past   Restoring this by setting the correct date  and restarting the browsers  solved the issue for me  I hope I save someone a headache debugging this problem

User · Answer

Sometimes Google Chrome throws this error  even if it should not  I experienced it when Chrome had a new version  and it needed to be restarted  After restarting the same page worked without any errors  The error in the console was   net  ERR INSECURE RESPONSE

User · Answer

If you re developing  and you re developing with a Windows machine  simply add localhost as a Trusted Site   And yes  per DarrylGriffiths  comment  although it may look like you re adding an Internet Explorer setting        I believe those are Windows rather than IE settings  Although MS tend to assume that they re only IE  hence the alert next to  Enable Protected Mode   that it requries restarted IE

User · Answer

Try this code to watch for  and report  a possible net  ERR INSECURE RESPONSE  I was having this issue as well  using a self-signed certificate  which I have chosen not to save into the Chrome Settings  After accessing the https domain and accepting the certificate  the ajax call works fine  But once that acceptance has timed-out or before it has first been accepted  the jQuery ajax   call fails silently  the timeout parameter does not seem help and the error   function never gets called   As such  my code never receives a success   or error   call and therefore hangs  I believe this is a bug in jquery s handling of this error  My solution is to force the error   call after a specified timeout   This code does assume a jquery ajax call of the form jQuery ajax  url  required  success  optional  error  optional  others ajax params  optional       Note  You will likely want to change the function within the setTimeout to integrate best with your UI  rather than calling alert     const MS FOR HTTPS FAILURE   5000    orig ajax     ajax    ajax   function params      var complete   false    var success   params success    var error   params error    params success   function         if  complete          complete   true        if success  success apply this arguments               params error   function         if  complete          complete   true        if error  error apply this arguments               setTimeout function         if  complete          complete   true        alert  Please ensure your self-signed HTTPS certificate has been accepted              params url         if params error          params error                 Connection failure              Timed out while waiting to connect to remote resource                 Possibly could not authenticate HTTPS certificate                 MS FOR HTTPS FAILURE        orig ajax params

User · Answer

This problem is because of your https that means SSL certification  Try on Localhost

User · Answer

Your resource probably use a self-signed SSL certificate over HTTPS protocol  Chromium  so Google Chrome block by default this kind of resource considered unsecure   You can bypass this this way     Assuming your frame s URL is https   www domain com  open a new tab in chrome and go to https   www domain com  Chrome will ask you to accept the SSL certificate  Accept it  Then  if you reload your page with your frame  you could see that now it works   The problem as you can guess  is that each visitor of your website has to do this task to access your frame   You can notice that chrome will block your URL for each navigation session  while chrome can memorise for ever that you trust this domain   If your frame can be accessed by HTTP rather than HTTPS  I suggest you to use it  so this problem will be solved

User · Answer

open up your console and hit the URL inside  it ll take you to the API page and then in the page accept the SSL certificate  go back to your app page and reload   remember that SSL certificates should have been issued for your Dev environment before

[iframe] Failed to load resource: net::ERR_INSECURE_RESPONSE

Examples related to iframe

Examples related to ssl-certificate

Examples related to chromium

Examples related to self-signed