转载 Mixed Content Page

Posted panzer

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了转载 Mixed Content Page相关的知识,希望对你有一定的参考价值。

网站配置了https之后,网页上的百度地图无法正常显示,报错类似于:

Mixed Content: The page at ‘https://url_1‘ was loaded over HTTPS, 
but requested an insecure script ‘http://monitor_analytic.js‘. 
This request has been blocked; the content must be served over HTTPS.

原因可能是:

1. HTTPS页面里动态的引入HTTP资源,比如引入一个js文件,会被直接block掉的
2. 在HTTPS页面里通过AJAX的方式请求HTTP资源,也会被直接block掉的。

提出的解决办法:

方法1:相对协议。
对于同时支持HTTPS和HTTP的资源,引用的时候要把引用资源的URL里的协议头去掉,
浏览器会自动根据当前是HTTPS还是HTTP来给资源URL补上协议头的,可以达到无缝切换。

 

下面是回答中有人给出的解决办法:http://thehackernews.com

The search engine giant recommended you to enable it via an HTTP response header,
"Content-Security-Policy: upgrade-insecure-requests," if all the content is controlled by you.

However, if the unsecure resources are served from a web server you don’t control, you can include the 
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> tag in your pages <head>.

对于https协议下访问http的图片链接,chrome浏览器并没有block,而是提出了警告。但是并不是所有手机的webkit浏览器都支持这样的警告,很多手机可能还是会直接block,造成图片没有办法显示

总结:对于mixed content page that the connection is only partially encrypted. 为了在http转https的过程中顺利过渡,mixed content page页面是非常糟糕的选择。

以上是关于转载 Mixed Content Page的主要内容,如果未能解决你的问题,请参考以下文章

Mixed Content: The page at ‘https://XXX’ was loaded over HTTPS, but requested an insecure........(示例

错误:Mixed Content: The page at ‘https://XXX’ was loaded over HTTPS, but requested an insecure.......(

Mixed Content: The page at ‘<URL>‘ was loaded over HTTPS, but requested an insecure script ‘<URL>‘.(

JS错误:Mixed Content: The page at ‘https://XXX’ was loaded over HTTPS, but requested an insecure

解决Mixed Content: The page at https://* was loaded over HTTPS, but requested an insecure XMLHttpReque

[原创][Synth 8-2543] port connections cannot be mixed ordered and named ["*_Top.v":1151](代码片