We are using hubspot API for authentication. Once user enter credentials, these are verified using following URL, as mentioned in hubspot docs
In this URL, clientId, portalId and redirect URL are added dynamically and the URL changes to following in our case
You can see that we are specifying https in this request and our redirect URL is also using SSL.
If correct portal and client Id are specified, user is redirected to login screen, otherwise this error page is displayed. Now, the error page is on http and our app is using https. This creates mixed active content error and this error page is not displayed in iframe.
Mixed Content: The page at 'https://qa.at-event.com/central/myaccount' was loaded over HTTPS, but requested an insecure resource 'http://static.hubspot.com/html/missing_parameter.html'. This request has been blocked; the content must be served over HTTPS.
I want to display exact error message in iframe so that user can correct client/portal Id. This used to work before as well.
Similarly, if user enters valid client id and portal id and is not currently logged into hubspot, he is redirected to login screen. Once valid credentials are entered, user must be redirected to authorize screen. This is done by following URL of hubspot:
This URL generates following error in console:
Mixed Content: The page at 'https://qa.at-event.com/central/myaccount' was loaded over HTTPS, but requested an insecure resource 'http://app.hubspot.com/auth/authenticate?client_id=b593dc8b-de30-4349-a2e9-….at-event.com%2Fcentral%2Fgetresponsefromhubspot&scope=contacts-rw+offline'. This request has been blocked; the content must be served over HTTPS.
I have tried using relative URL as mentioned in knowledge base article https://knowledge.hubspot.com/articles/kcs_article/cos-general/how-do-i-resolve-mixed-content-warnings-on-an-ssl-site. It used to work fine with relative URL but now I get same exception in console.
Kindly let us know a way to ensure that all URLs from hubspot use SSL.