프론트는 https로 서비스, apiserver는 http 프로토콜일 경우

오류 : Mixed Content: The page at 'https://domain.com/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://111.111.111.111:7080/api/svc/v2/projectList?page=1'. This request has been blocked; the content must be served over HTTPS.

 

해결 : 2번으로 해결 (nginx.conf에서 reverse proxy 설정함)

 

The error message you're seeing, "Mixed Content," indicates that your web page was loaded over HTTPS (secure), but it attempted to make an XMLHttpRequest to an insecure HTTP endpoint (http://111.111.111.111:7080/api/svc/v2/projectList?page=1). Modern web browsers block such requests for security reasons because mixing secure and insecure content can lead to security vulnerabilities.

To resolve this error, you should ensure that all resources (including API requests) on your website are loaded securely over HTTPS. In this case, you need to make sure that the API endpoint 'http://111.111.111.111:7080/api/svc/v2/projectList?page=1' is accessible via HTTPS.

Here's what you can do:

1. Update API Endpoint: Check if the API provider supports HTTPS. If it does, update the URL of your XMLHttpRequest to use HTTPS instead of HTTP. For example, change the URL to 'https://111.111.111.111:7080/api/svc/v2/projectList?page=1' if the API server supports HTTPS.
2. Use a Proxy: If the API provider doesn't support HTTPS, you can set up a proxy server on your domain that makes the insecure HTTP request to the API and serves it securely over HTTPS to your website. This way, your website communicates with your server over HTTPS, and your server communicates with the API over HTTP.
3. Contact API Provider: If you don't have control over the API server and can't set up a proxy, you should contact the API provider and ask if they can provide HTTPS support. Many providers are moving towards HTTPS-only services for security reasons.
4. Content Security Policy (CSP): You can also implement a Content Security Policy on your website, which can help prevent mixed content issues by specifying which sources are considered safe for loading content. However, this should be used in conjunction with fixing the mixed content issues at the source.