HTTP map service from app hosted via HTTPS: blocked loading mixed active content

Anonymous User · ‎01-13-2015

I have a web app hosted via HTTPS that is trying to load basemaps (or cached map services from a Data Appliance) from a different ArcGIS Server that does not have SSL enabled (and which I don't control).

I thought tile images were inactive content and I would not be getting "Blocked loading mixed active content ..." errors in my app, but I am getting that error on load due to an apparent API query of the map service!

Can that query ("http://<server>/arcgis/rest/services/World_Topo_Map/MapServer/f=json") be disabled or mitigated somehow? It is unlikely I can influence the server admins to enable SSL, so using HTTPS is not an option.

DavidBlanchard · ‎01-14-2015

This is a browser restriction; you cannot make an unsecured request from a secured page in most (if not all) modern browsers.

You can bypass this issue by using a proxy (see link below) hosted on your secure server, however this defeats the purpose of having a secured application and is therefore not suggested. Whenever you add non secure content to a secured page, the page becomes unsecured for all intents and purposes.

Otherwise, the only other option is to remove SSL from your site or not use that service.

Using the proxy | Guide | ArcGIS API for JavaScript

Anonymous User · ‎01-14-2015

I am very familiar with the security issue (unfortunately). My question was about preventing the API from launching a query (i.e. active content) against a map service only used for basemap image tiles. Image tiles are inactive content, so I assumed the mixed active content security violation would not come up. But it does come up because of those map service queries that I wasn't expecting.

Luckily the esri/layers/WebTiledLayer class is does not launch any queries against the map service, so I am going to switch to that layer type.