Hello,
I'm developing a Reactive Web App in OutSystems, and I need to call an HTTP endpoint.
The endpoint is HTTP only (not HTTPS) because it uses Header Enrichment to retrieve the client's mobile number automatically.
The endpoint team confirmed it cannot switch to HTTPS, otherwise Header Enrichment would stop working.
My application runs over HTTPS (https://...).
When trying to make the HTTP request from the browser, it gets blocked due to the Mixed Content policy.
Questions:
In this scenario, what is the recommended way to perform the HTTP call without breaking browser security?
Should I implement a server-side proxy in OutSystems to forward the request? If so, how should I handle Header Enrichment headers to make sure the client's phone number is still correctly retrieved?
Any help or examples would be highly appreciated!
Thank you!
Hi @Parcidio Andre
Based on the ref i found from stack; I would recommend you to use the page-redirect approach via JS.1- Open the url in new tab using windw.open(<your url api>)2- after populating the data; redirect back to your https page with query param like a callback
The only challenge I see here is... http api request should redirect you to your callback..https > js access api with callback > http > back to callback i.e your httpshttps://stackoverflow.com/questions/4032104/http-ajax-request-via-https-pageGood Luck
Hi @assif_tiger ,
Following up on the discussion:
I won't be able to alter or control the page/endpoint that returns the client's number via Header Enrichment. This endpoint does not handle any redirects or JavaScript execution — it will simply expose the number on the page.
From what I understand, the solution suggested involves:
Opening the endpoint URL in a new tab using window.open().
Once the client number is retrieved, I need to redirect from that page to my HTTPS app, passing the number as a query parameter (like ?client_contact=...).
Is this the right understanding? Or would there be a way to automate this flow without needing modifications on the endpoint side?
Yes your understanding is correct . But as you mentioned the Http endpoint cannot be modified than in this case the approach will not work as no JS or redirect will work for you.Even going with the OS Server action approach.- You app calls server-action- Server action further calls Http API- Here Header enrichment will fail; as the request is not direct from your app :(Consideing the limitations; You can open the api http via JS i.e on a new tab & then user can refer there.. but that would be a very bad UX
Opening the endpoint URL in a new tab using window.open().YES
Once the client number is retrieved, I need to redirect from that page to my HTTPS app, passing the number as a query parameter (like ?client_contact=...).You can't control this; this has to be implemented by your HTTP Endpoint team .. they redirect with respective data to your URL