Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
i deployed laravel project on digital ocean this project at local environment work perfect but at server one of ajax call throw the following error
Mixed Content: The page at 'https://school-erp-3fgnz.ondigitalocean.app/user/profile/9' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://school-erp-3fgnz.ondigitalocean.app/user/softdelete/9'. This request has been blocked; the content must be served over HTTPS.
Are you hard coding the AJAX URL in your code? If not how are you making the Ajax call from your JavaScript code?
The error is because the page is loaded through HTTPS (secure connection), and the JavaScript is calling a HTTP endpoint (unsecure connection) which is not allowed in all major browsers at least
@rodrigo.pedra I am calling it from js file
$('.confirmPasswordForm').on('submit',function(e){
e.preventDefault();
$.ajax({
url: $(this).attr('url'),
method: $(this).attr('type'),
data: {password: $('.password-input').val()},
success: (e) => {
window.location.href = $(this).attr('redirect');
},
error: function(e) {
$('.confirm-error').text(e.responseJSON.message);
}
})
});
@Abdalrhman Can you show the HTML for the form with .confimPasswordForm class?
Specifically I want to see how you are constructing the url attribute
<div class="modal fade" id="confirmPassword" tabindex="-1" role="dialog" aria-labelledby="exampleModalLabel" aria-hidden="true">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-body d-flex justify-content-center m-3 flex-column align-items-center">
<img src="/assets/images/alert.png" alt="alert_icon" class="model-alert-image">
<p class="mb-3 mt-3">{{__('system.please_confirm_your_password')}}</p>
<form class="confirmPasswordForm w-100" url="" type="post" redirect="">
<input type="password" class="form-control password-input w-100" placeholder="{{__('system.confirm_your_password')}}" name="password"/>
<p class="fs-small text-danger mt-2 mb-2 confirm-error"></p>
<button class="button mt-2 w-100">{{__('system.confirm')}}</button>
</form>
</div>
</div>
</div>
</div>
@Abdalrhman the url is user/softdelete/9 yet the url in that html is empty? Same with redirect?
<form class="confirmPasswordForm w-100" url="" type="post" redirect="">
@Sinnbeck this value is assigned by js when some one submit an action
@abdalrhman Try replacing url: $(this).attr('url'), with url: $(this).attr('https://school-erp-3fgnz.ondigitalocean.app/user/profile/9'),
If that works... figure out why your url is populating as http. Maybe double check the APP_URL in your env is using https?
Are you behind a proxy such as cloudflare?
the problem is solved when i used
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
Please or to participate in this conversation.