cancel
Showing results for 
Search instead for 
Did you mean: 
Constant Contact wants to help you succeed! We’re celebrating our professional service programs on the Constant Contact Community this month and you have a chance to try one of the services for free! Learn more.

Getting mixed HTTP/HTTPS during OAuth flow

SOLVED
Highlighted
Occasional Contributor

Getting mixed HTTP/HTTPS during OAuth flow

I have an OAuth flow that was previously working, but I just started getting mixed content errors and blocking Chrome.

 

  1. I open an iframe with 
    https://oauth2.constantcontact.com/oauth2/oauth/siteowner/authorize?response_type=code&client_id=......
  2. Constant Contact responds with a 302 to
    https://login.constantcontact.com/login/logout?relogin=true&oauthflow=true&wb=false&goto=https%3A%2F...
  3. Constant Contact responds with another 302 to
    https://login.constantcontact.com/login?goto=https://oauth2.constantcontact.com/oauth2/oauth/login?r...
  4. Chrome halts the request because:
    Mixed Content: The page at '...' was loaded over HTTPS, but requested an insecure form action 'http://login.constantcontact.com/login/?goto=https://oauth2.constantcontact.com/oauth2/oauth/login?r... This request has been blocked; the content must be served over HTTPS.

 

2 REPLIES 2
Honored Contributor

Re: Getting mixed HTTP/HTTPS during OAuth flow

Hello,

 

I had a look at this with our team and it looks like there was a quirk happening with the flow that specifically happens when a user is already logged in to Constant Contact and initiates the OAuth flow. After looking at this with the team that owns the affected application, we were able to find the cause and should be able to have the fix in place in the next couple of weeks.

 

For the immediate term, the solution to this problem is to simply try the flow again, as you should already be logged out of your account and see success on the second try. It's also worth noting that this does not impact all versions of Chrome, as I am not personally able to reproduce the problem on Chrome 44.0.2403.155.

 

If you have any questions, please let me know!

 

Sincerely,

Elijah G.
API Support Engineer
Occasional Contributor

Re: Getting mixed HTTP/HTTPS during OAuth flow

Thank you for the prompt reply on a Friday afternoon, Elijah. I can work around this for a couple of weeks. :)