Mixed Content errors blocking Connect on a custom Connect application


Aspera Connect is blocked by the browser (usually Chrome) on a custom Connect web application built with the Connect SDK. The developer console also outputs errors such as the following:

Mixed Content: The page at 'https://connectapp.example.com' was loaded over HTTPS, but requested an insecure resource 'fasp://initialize'. This request has been blocked; the content must be served over HTTPS.

If the application is accessed by HTTP (http://connectapp.example.com) rather than HTTPS, Connect initializes and runs as expected.


This issue is most likely due to your web server's Content Security Policy, which may be too strict. CSP is configured through headers sent in HTTP responses, and works by instructing browsers which scripts to execute or not.

It is likely that your CSP includes a directive to block all mixed content, like the following:

Content-Security-Policy: block-all-mixed-content

This CSP directive is set either in your server's configuration file or in your web application's <head> section. Check for this directive and remove it as a way of working around this issue.


Powered by Zendesk