cancel
Showing results for 
Search instead for 
Did you mean: 

Getting mixed HTTP/HTTPS during OAuth flow

SOLVED
Occasional Contributor

Getting mixed HTTP/HTTPS during OAuth flow

I have an OAuth flow that was previously working, but I just started getting mixed content errors and blocking Chrome.

 

  1. I open an iframe with 
    https://oauth2.constantcontact.com/oauth2/oauth/siteowner/authorize?response_type=code&client_id=......
  2. Constant Contact responds with a 302 to
    https://login.constantcontact.com/login/logout?relogin=true&oauthflow=true&wb=false&goto=https%3A%2F...
  3. Constant Contact responds with another 302 to
    https://login.constantcontact.com/login?goto=https://oauth2.constantcontact.com/oauth2/oauth/login?r...
  4. Chrome halts the request because:
    Mixed Content: The page at '...' was loaded over HTTPS, but requested an insecure form action 'http://login.constantcontact.com/login/?goto=https://oauth2.constantcontact.com/oauth2/oauth/login?r... This request has been blocked; the content must be served over HTTPS.

 

2 REPLIES
Honored Contributor

Re: Getting mixed HTTP/HTTPS during OAuth flow

Hello,

 

I had a look at this with our team and it looks like there was a quirk happening with the flow that specifically happens when a user is already logged in to Constant Contact and initiates the OAuth flow. After looking at this with the team that owns the affected application, we were able to find the cause and should be able to have the fix in place in the next couple of weeks.

 

For the immediate term, the solution to this problem is to simply try the flow again, as you should already be logged out of your account and see success on the second try. It's also worth noting that this does not impact all versions of Chrome, as I am not personally able to reproduce the problem on Chrome 44.0.2403.155.

 

If you have any questions, please let me know!

 

Sincerely,

Elijah G.
API Support Engineer
Occasional Contributor

Re: Getting mixed HTTP/HTTPS during OAuth flow

Thank you for the prompt reply on a Friday afternoon, Elijah. I can work around this for a couple of weeks. :)

Still need help?
You can post a new message in the Community or find us on Twitter Mon-Fri 8am - 8pm ET. We've got real people waiting to help you out. Click below to start a conversation!