A module which is specified to be imported using HTTPS is sometimes blocked by browser because the browser loads it over HTTP
I developed a website for internal company use using Vue.
There is only one library in the project that is imported through an external CDN:
<script setup>
import { encode as encodeJPEG } from "https://unpkg.com/@jsquash/jpeg@1.4.0?module";
</script>
The site has been working fine for over a year, but recently I received reports that the site wasn't displaying. When investigating, I found the following error in the console:
Mixed Content: The page at 'https://~.com/' was loaded over HTTPS, but requested an insecure script 'http://unpkg.com/@jsquash/jpeg@1.4.0/index.js?module'. This request has been blocked; the content must be served over HTTPS.
The most common solution I found when searching Stack Overflow was to add the following header:
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests" />
Since I only imported the external CDN for development convenience, I've resolved the issue by building the library and serving it as an internal resource.
However, I'm curious about why the browser attempted to download via HTTP when the project's build output (obviously) specifies importing the library via HTTPS protocol?
Below image shows the code after being built in Vue.
The error appears temporarily and disappears when refreshing the page later.
I apologize that I cannot provide a site to reproduce the error, as the site works normally most of the time.
It can be seen what happens exactly with a request in network tab, and you can place breakpoints in call stack mentioned in the error if there is programmatic mistake.
There's no such behaviour in general. It would be possible if a website (unpkg) redirects https to http. Here at least one redirect happens for index.js entry point,
unpkg.com/@jsquash/jpeg@1.4.0?module to unpkg.com/@jsquash/jpeg@1.4.0/index.js?module. Due to the volatile nature of the problem it can be assumed this is the case. There is a known recent issue with unpkg.
- Vue transition animation with router-view only works for the first transition
- Vue 3 – <Transition> renders non-element root node that cannot be animated
- VueJs: How to correctly register vue router?
- What is the difference between module and scoped styles in Vue?
- How to use animate.css animations with Vue's Transition and TransitionGroup components
- Dynamic Alias Configuration in Quasar/Vite's extendViteConf Fails with Environment Variables
- Vue Ag-grid - cellRendererFramework: passing down props
- VUE.JS receive a json file from url via axios in webpack-simple
- Error [ERR_UNSUPPORTED_ESM_URL_SCHEME]: Only file and data URLs are supported by the default ESM loader - Vue 3
- getElementById inside the vue js mounted life cycle hooks results in null
- How to add a link to download a pdf file nuxt?
- Building for vue2 and vue3 in monorepo: Version mismatch error from vue-template-compiler
- Vue-query returned data is read only. How to make it mutable?
- Vue.js - Using parent data in component
- How to display static pdf url with vue-pdf-embed library on production
- vite Internal server error: Codegen node is missing for element/if/for node. Apply appropriate transforms first
- Property 'env' does not exist on type 'ImportMeta'.ts(2339)
- How to Add Gap Between Button Dropdown and Card in Vue Quasar
- is client side authentication "like on SPAs" just a lie to prevent users who choose to believe it from playing with the data on the back end?
- Vue class-based-components Extends And Mixins
- Why kebab-case non-standard attributes are allowed while others aren't? And how to define types like this in TypeScript?
- Display Cordova "console.log" entries in Android Studio
- InertiaJS file upload doesn't work with PUT method
- Vue / Pinia / Typescript calling class instance method in Pinia store results in error
- Access vue-i18n messages as object
- How to programmatically change current page on PrimeVue Paginator component?
- Vue direct URL is not working, only router-link click
- Vue3 build error: At least one <template> or <script> is required in a single file component
- How to mouseover / hover for one item in a list in Vue?
- Vue JS waiting for data before rendering