I'm developing a plugin for a third party's checkout page, which checks an ID against another third party's API. The flow goes something like this:
Checkout (Secure) - My Server (Insecure) - Private API (Insecure)
Through JS, my plugin makes a get recuest to my server, which in turns makes a get request to the private server. My server processes that info and then responds accordingly.
The problem is that, the Checkout page doesn't get my server's response because of mixed content.
Now I understand why this happens. So my question is: if I secure my server, will it solve this issue? or will it continue complaining (because of that last insecure link)?
Thank you very much.
If you secure your server, with HTTPS traffic instead of HTTP, then browsers will not show you mixed content errors anymore.
Here is an excerpt from an article on the Globalsign blog about mixed-content (the original url no longer works).
A mixed-content warning means that there are both secured and unsecured elements being served up on a page that should be completely encrypted. Any page using an HTTPS address must have all of the content within coming from a secured source. Any page that links to an HTTP resource is considered insecure and is subsequently flagged by your browser as a security risk.