Navigation Failed Because The Request Was For An Http Url With Https-only Enabled !!better!! May 2026

HTTPS-Only mode forces the browser to automatically upgrade every request to HTTPS. If the upgrade fails (or if you explicitly hardcode http:// ), the browser throws an error instead of falling back to unsafe HTTP. You cannot fix this by telling your users to turn off HTTPS-Only mode. Instead, you need to fix your code or infrastructure. Fix 1: Use Protocol-Relative or Absolute HTTPS URLs (The Easiest) Never hardcode http:// or https:// in your frontend code. Use protocol-relative URLs (starting with // ) or absolute paths.

// Option C: Just use a relative path if on the same origin fetch('/api/data'); If the browser is trying to access your http:// resource because your server is misconfigured, you can train the browser to never use HTTP again via HTTP Strict Transport Security (HSTS) .

The golden rule of 2026 is simple: APIs, images, iframes, and fonts. HTTPS-Only mode forces the browser to automatically upgrade

https://yourapp.com/api/proxy ➔ Your Server (Node.js/NGINX): http://legacy-vendor.com/data ➔ Back to Browser.

Add this header to your server (Apache/NGINX): Instead, you need to fix your code or infrastructure

fetch('http://mybackend.com/api/data'); <img src="http://cdn.example.com/logo.png">

// Option A: Protocol-relative (Uses whatever the parent page uses) fetch('//mybackend.com/api/data'); // Option B: Absolute HTTPS (Forces encryption) fetch('https://mybackend.com/api/data'); // Option C: Just use a relative path

We’ve all been there. You click a link, type a URL, or your frontend JavaScript tries to call an API endpoint. Instead of a beautiful UI, you’re greeted by a stark, white page and a confusing console error: “Navigation failed because the request was for an HTTP URL with HTTPS-Only enabled.”