Mixed content error when trying to authorize OAuth

Mixed Content: The page at ‘https://api.twitch.tv/kraken/oauth2/authenticate?action=authorize&client_id…ode&scope=user_read&state=b51774f588415e17faeb29652fdc07d430615b3d37d5e02f’ was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ‘http://mp.twitch.tv/track?data=’. This request has been blocked; the content must be served over HTTPS.

I’m using https://github.com/WebTheoryLLC/omniauth-twitch to set up the authorization.
Chrome Version 46.0.2490.86 (64-bit) in Incognito mode

Is this an issue on my end?

no, the tracking code on the page used an http protocol when it should have used https. This is something twitch has control over.

1 Like

Cool. I wonder if it’s happening to other people too and if they have a workaround. It’s a blocker for me.

Created a Github Issue here https://github.com/justintv/Twitch-API/issues/469

• what was the exact url your app requested? replace your client id with {client_id} if you choose to omit
• what is the response you were expecting to get from the api?
• what response did you actually get from the api?

I’m on this page trying to login.

https://api.twitch.tv/kraken/oauth2/authenticate?action=authorize&client_id={clientid}&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Ftwitchtv%2Fcallback&response_type=code&scope=user_read&state=a7b709fd03cd1cd97960f48ae4aaffb1221236363d7cb703

This request fails and says it’s a canceled request in the Chrome debugger.

https://api.twitch.tv/kraken/oauth2/authorize?action=login&client_id={clientid}&date[day]=&date[month]=&date[year]=&email=&login={user}&login_type=login&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Ftwitchtv%2Fcallback&response_type=code&scope=user_read&state=a7b709fd03cd1cd97960f48ae4aaffb1221236363d7cb703&utf8=✓

Mixed content warnings shouldn’t cause the page to fail to load, and all functionality of that page should still work since only the tracking script is failing.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.