"This request has been blocked; the content must be served over HTTPS.", I am getting this error when trying to reach my Beanstalk (spring boot) api from Cloudfront (angular app on s3)
I am quite new to aws and have spent some time on this. I have tried How to allow HTTPS on Elastic Beanstalk application and followed most guides online.
My target group is unhealthy for some reason (not sure if that info is useful).
I have allowed traffic on the ports in the security groups (suggested in other questions and guides).
And just recently tried creating a distribution in CloudFront using the load balancer.
What am I missing or doing wrong? Any help would be much appreciated, thanks.
2
Answers
You can also add these configurations directly from your application source code by adding this code under .ebextensions/health_check.config:
The redirect rule is unhelpful here, because the browser is preventing the request from even getting to the load balancer, so the redirect rule is not being triggered. The web browser is saying "this is a secure website, but it is trying to make insecure HTTP calls to an API, so I have totally blocked the API call".
For the redirect to work, the browser would have to allow the insecure API call to happen first, at which point the load balancer would then return a redirect, essentially telling the web browser to try again using a secure URL this time.
You need to change your front-end code to ensure it is only making HTTPS calls to the backend API.
It’s not the cause of the issue you are currently seeing, but once you get the API calls working from the front-end you are going to get error responses from the backend until you fix the target group health checks. It is absolutely critical that you get the target group health checks working so that the load balancer will actually route the requests to your target server(s).