Cross Browser errors with HTTP and HTTPS for same domain name

Posted 1 year ago by longestdrive

Hi

I'm a bit confused about an error that appears to be popping up and I'm not sure of the nest way to resolve

I have a SSL certificate on the main site

When a user visits a particular page a feed for a calendar is request via ajax get method.

my routes do not specify the route as secure and generally just use the Route::get or Route::post methods.

In my routes file I have added:

if (App::environment() == 'deployed') {
 \URL::forceScheme("https");
}

Route::get('eventslist', array('uses' => '[email protected]', 'as'=>'calendar.feed'));

I can't get the url of the call to the feed to work properly and align itself with the parent page. ie the parent at the moment can be called as either https or http - I can't seem to force always as https.

so at anyone time the parent page may be called as https whilst the feed gets called as http so it gets blocked

I've researched CORS but don't fully understand the solution and if I install the CORS package does that make my site less secure with no CSFR?

Thanks

Please sign in or create an account to participate in this conversation.

Reply to

Use Markdown with GitHub-flavored code blocks.