问题
I know there is an almost duplicate question, but the answer is not satisfactory at all.
I need to do geocoding using the Openstreetmap service which runs over HTTP.
My site runs over HTTPS.
It seems impossible to do JSONP request from https to http, browser (Chrome) complains about insecure content.
Any solutions?
回答1:
The reason that the browser complains about insecure content is that the content is insecure. The entire purpose with a secure page is that all of it is secure, and can be trusted.
You can set up a proxy page in your secure site that requests the insecure content. There you should verify the content before it's sent to the browser, so that it is actually secure, not just pretending to be secure.
回答2:
If you want to make a POST request to an external service that runs under HTTP while the initial request is coming from HTTPS it will always be considered as insecure. There's, as far as I know, no way around it.
What you can do, is POST to your backend which send another POST request to the service that is running under HTTP. From there just return the value returned by the HTTP service.
回答3:
For whom it may concern, this is how I sorted it out myself.
1) my Javascript code calls an AJAX page on my server with the parameter I need to forward to the service
2) the AJAX page makes a request via CURL using the address
3) I sanitize the response and turn it into JSON
4) with Javascript's callback-on-success I use the data
来源:https://stackoverflow.com/questions/12211947/is-it-possible-to-make-a-jsonp-request-from-https-to-http