Mixed content error when trying to authorize OAuth

mrlamroger · November 20, 2015, 9:33am

Mixed Content: The page at ‘https://api.twitch.tv/kraken/oauth2/authenticate?action=authorize&client_id…ode&scope=user_read&state=b51774f588415e17faeb29652fdc07d430615b3d37d5e02f’ was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ‘http://mp.twitch.tv/track?data=’. This request has been blocked; the content must be served over HTTPS.

I’m using GitHub - WebTheoryLLC/omniauth-twitch: OmniAuth Strategy for Twitch to set up the authorization.
Chrome Version 46.0.2490.86 (64-bit) in Incognito mode

Is this an issue on my end?

nate · November 20, 2015, 11:19am

no, the tracking code on the page used an http protocol when it should have used https. This is something twitch has control over.

mrlamroger · November 21, 2015, 1:07am

Cool. I wonder if it’s happening to other people too and if they have a workaround. It’s a blocker for me.

Created a Github Issue here https://github.com/justintv/Twitch-API/issues/469

nate · November 21, 2015, 1:24am

• what was the exact url your app requested? replace your client id with {client_id} if you choose to omit
• what is the response you were expecting to get from the api?
• what response did you actually get from the api?

mrlamroger · November 21, 2015, 9:42am

I’m on this page trying to login.

https://api.twitch.tv/kraken/oauth2/authenticate?action=authorize&client_id={clientid}&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Ftwitchtv%2Fcallback&response_type=code&scope=user_read&state=a7b709fd03cd1cd97960f48ae4aaffb1221236363d7cb703

This request fails and says it’s a canceled request in the Chrome debugger.

https://api.twitch.tv/kraken/oauth2/authorize?action=login&client_id={clientid}&date[day]=&date[month]=&date[year]=&email=&login={user}&login_type=login&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Ftwitchtv%2Fcallback&response_type=code&scope=user_read&state=a7b709fd03cd1cd97960f48ae4aaffb1221236363d7cb703&utf8=✓

Fugiman · November 23, 2015, 1:26am

Mixed content warnings shouldn’t cause the page to fail to load, and all functionality of that page should still work since only the tracking script is failing.

system · December 23, 2015, 1:27am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.