I made a script on my website that accesses a table on a different website. However, the other website is HTTP so chrome is telling me "This request has been blocked; the content must be served over HTTPS."

$.get('', null, function searchKD () { /*function*/ });

So what I'm asking is: how can I access elements on a different website even if it's not HTTPS.

I made a script on my website that accesses a table on a different website. However, the other website is HTTP so chrome is telling me "This request has been blocked; the content must be served over HTTPS."

$.get('http://www.kanjidamage./kanji', null, function searchKD () { /*function*/ });

So what I'm asking is: how can I access elements on a different website even if it's not HTTPS.

• javascript
• jquery
• greasemonkey
• tampermonkey

Share Improve this question Follow edited Jun 19, 2017 at 1:35 Brock Adams 93.7k2323 gold badges241241 silver badges305305 bronze badges asked Jun 19, 2017 at 0:44 user5287133user5287133

Add a ment  | 

4 Answers 4

Sorted by: Reset to default 6

You have this tagged as tampermonkey. If that is the case, use it.

Tampermonkey allows one to bypass "mixed active content" restrictions by using GM_xmlhttpRequest^Doc.

So this plete Greasemonkey/Tampermonkey script works fine:

// ==UserScript==
// @name     _Mixed content AJAX
// @match    https://stackoverflow./questions/44620859/*
// @require  http://ajax.googleapis./ajax/libs/jquery/2.1.0/jquery.min.js
// @grant    GM_xmlhttpRequest
// @connect  kanjidamage.
// ==/UserScript==

GM_xmlhttpRequest ( {
    method: "GET",
    url: "http://www.kanjidamage./kanji",
    onload: function (response) {
        console.log (response.responseText);
    }
} );

You either need to build a proxy, something server side that will get the remote content, and return it, or connect over https.

In PHP (For example), you could create a simple "kanji.php":

<?php

echo file_get_contents('http://www.kanjidamage./kanji');

?>

My suggestion:

Just download the page, strip the content you don't need (Like the header/footer), and then serve it locally. It seems like a simple enough page.

Yeah, both sites must use https, or else it defeats the purpose. Some content is encrypted & some is not. You could potentially send information that should be secured like a credit card number to an unsecured source.

If you have access to your server code. You can make a route that makes the request to the unsecured http domain. This way all your frontend requests point to the same domain, and the browser is happy as all requests are https.

you can try this :

$.get('//www.kanjidamage./kanji', null, function searchKD () { /*function*/ });