http.get and http.head methods changing https request to http request in FlutterWeb PWA for urls from its own domain

[P5music]

I created a PWA with Flutter Web.
When I use the http.get or http.head functions with an url like
https://www.myapp.info/api/validate/?url=https://external.site.com/path/file.ext
but
it likes it if the url has a fake file (I need a different .htaccess rule for that)
https://www.myapp.info/api/validate/fake_file.ext?url=https://external.site.com/path/file.ext
this is a workaround.

In the former case
the request gets changed into
something starting with
http://www.myapp.info/....
and in the browser I get
an error like

Mixed Content: The page at 'https://www.myapp.info/appdev/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://www.myapp.info/api/validate/?url=.....'. This request has been blocked; the content must be served over HTTPS.
ClientException: XMLHttpRequest error., uri=[https://www.myapp.info/api/validate?url=

It is ascertained that the request does not even leave the browser, Chrome or Firefox
(Firefox calls it Active Mixed Content)

My PWA is not working because of this, for a certain feature, unless I use the workaround and change also the htaccess rule on my server.

No matter how I create the uri request, even with https method itself, it gets changed.
The same using the dio package (using that, the error says that the network layer is the cause)

[brianquinlan]

It is very unlikely that this is an issue with package:http. Instead, it is likely to be a limitation of XMLHttpRequest.

[P5music]

Thanks for the response.
Is there any possible reason for it to like the fake_file.ext workaround?
Indeed
https://www.myapp.info/api/validate/fake_file.ext?url=https://external.site.com/path/file.ext
is not altered so there is not an error.
You say it is a limitation of XMLHttpRequest, but it is a bug isn't it? I mean, it does something wrong and the result is an error it creates by itself.