Mixed content - HTTPS to HTTP request

[liwani]

Hi,

Thank you for a very useful guide and this repo. I was able to deploy the project in AWS but when I try logging in I get Incorrect Username or Password message. When I Inspect the source these are the messages I'm getting:
Mixed Content: The page at 'https://<CF_ID>.cloudfront.net/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://<CF_ID>.cloudfront.net/Prod/login'. This content should also be served over HTTPS.
and
Access to XMLHttpRequest at 'https://<my_domain>/Prod/login' from origin 'https://<CF_ID>.cloudfront.net' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

The project is deployed in us-east-1, I followed instructions on https://www.jpsim.com/awspics/, deployed with SSL cert ARN provided via config.json and with the value for this parameter being empty. In both cases the result is the same.
I validated user and password with htpasswd -v command.

I wanted to check if this is a known issue with known quick fix or something I'd need to dig into the code to solve?

Thanks!

[jpsim]

I didn't run into this, sorry.