Insecure Reponse on https access with ExpressJS/NodeJS

时间:2015-10-30 22:22:15

标签: angularjs node.js express xmlhttprequest

I keep having this recurring issue on a custom site that I built over wamp.

I followed instructions on how to generate a self-signed certificate and private key for ssl. Then I use, nodejs/expressjs to create an https server for which to use a web api for the data on my site. I am then employing angularjs to display the data.

Now the confusing part is that sometimes, it works on Google Chrome. However, it definitely fails on firefox, opera and Microsoft Edge.

On the angularjs file i have this:

testControllers.controller('summoner-by-name', ['$scope', '$http', '$resource', function($scope, $http, $resource) {
$scope.summonerName = {text: 'abc'};    
$scope.items = regions; 
$scope.submit = function ()
{
    setTimeout(function() {
            data = {"summonerName": $scope.summonerName.text, "region": $scope.items.selectedOption.name, "PID": "000"};
                $http({
                    method: 'POST',
                    url: 'https://localhost:3030/custom_Project',
                    dataType: "json",
                    headers: {
                        "Content-Type": "application/json",
                        "Content-Length": data.length
                    },
                    data: data 
                }).then(function(response) {
                    $scope.posts = response.data;
                });
    }, 1000);
}
}]);

...

On the node js file, i have this:

app.use(function (req, res, next) {

res.setHeader('Access-Control-Allow-Origin', 'https://custom_site.com');
res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');
res.setHeader('Access-Control-Allow-Headers', 'X-Requested-With,content-type');
res.setHeader('Access-Control-Allow-Credentials', true);
next();
});

var options = {
key: fs.readFileSync('C:/wamp/www/custom_Project/ssl_certs/private.key'),
cert: fs.readFileSync('C:/wamp/www/custom_Project/ssl_certs/public.crt'),
ca: fs.readFileSync('C:/wamp/bin/php/php5.5.12/cacert.pem'),
};

app.post('/custom_Project', function (req, res) {

...

}

https.createServer(options, app).listen(3030);

The following are the messages that I receive on the console when trying to retrieve data from the nodejs/expressjs server:

Microsoft Edge:

SCRIPT7002: XMLHttpRequest: Network Error 0x80070005, Access is denied.

Firefox:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://localhost:3030/custom_Project. (Reason: CORS request failed).

Opera (and occasionally on Chrome):

OPTIONS https://localhost:3030/custom_Project net::ERR_INSECURE_RESPONSE

I'm under the assumption its because of the certificate being self-signed but I could be wrong. Any ideas?

1 个答案:

答案 0 :(得分:0)

我找到了解决我遇到的问题的方法。

对于firefox和opera,我在开发人员工具的网络选项卡上跟踪了错误。由于证书问题,请求未通过节点js脚本。因此,使用这些浏览器,我导航到https://localhost:3030/custom_Project

提示告诉我该网站不受信任并导航到该网站,我不得不将其添加到可信站点列表中。在这之后,我运行了ajax post调用,它成功地向我展示了结果。

然而,Edge并没有给我任何运气。它在左上角有一个错误,说该网站不受信任,我不能像firefox,opera和chrome那样做。

相关问题
最新问题