This content should also be served over HTTPS
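HTTPS is HTTP over Secure Socket Layer, an HTTP channel designed for security. For that reason, http requests are not allowed on a page served over HTTPS; as soon as one appears, the browser shows a warning or an error: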
Mixed Content: The page at 'https://domain.com/w/a?id=074ac65d-70db-422d-a6d6-a534b0f410a4' was loaded over HTTPS, but requested an insecure image 'http://img.domain.com/images/2016/5/3/2016/058c5085-21b0-4b1d-bb64-23a119905c84_cf0d97ab-bbdf-4e25-bc5b-868bdfb581df.jpg'. This content should also be served over HTTPS.
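Many operations staff have no technical understanding of https, so the data they enter inevitably includes http resources; oversights and gaps are unavoidable.
Solution 1: set upgrade-insecure-requests in CSP
The W3C working group recognized how hard upgrading to HTTPS is for us, and in April 2015 it published a draft of Upgrade Insecure Requests (http://www.w3.org/TR/mixed-content/). Its purpose is to have the browser upgrade requests automatically.
Add the following to our server's response headers: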
server {
    ...
    # Tell the browser to load http:// resources on this page over https://
    add_header Content-Security-Policy upgrade-insecure-requests;
    ...
}
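Our page is served over https, but it contains a large number of http resources (images, iframes, etc.). Once the browser finds the response header above on the page, it automatically replaces http resource loads with https requests.
Solution 2:
Add a meta tag to the page: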
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests" />
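At present only chrome 43.0 supports this setting, but I believe CSP will become something that web front-end security pays close attention to and uses heavily in the future, and the upgrade-insecure-requests draft will soon enter RFC status.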
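An added example (not from the original post): a Python audit of operator-entered HTML that lists the http:// subresources behind the Mixed Content message and shows the https URL the browser requests for each once upgrade-insecure-requests is set, so you can confirm the host actually serves it. The sample HTML, the media.example.com host and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

# Tag -> attributes that make the browser fetch a subresource.
# <a href> is navigation, not a subresource, so it is not listed.
FETCHING_ATTRS = {
    "img": ("src",), "script": ("src",), "iframe": ("src",),
    "audio": ("src",), "video": ("src", "poster"), "source": ("src",),
    "embed": ("src",), "object": ("data",), "link": ("href",),
}

class MixedContentAudit(HTMLParser):
    """Collect http:// subresource references as (line, tag, attr, url)."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Only stylesheet links are checked; rel="canonical" etc. are not fetched.
        rel = (dict(attrs).get("rel") or "").lower().split()
        if tag == "link" and "stylesheet" not in rel:
            return
        for name, value in attrs:
            if name in FETCHING_ATTRS.get(tag, ()) and value:
                url = value.strip()
                if urlsplit(url).scheme == "http":  # urlsplit lowercases the scheme
                    self.findings.append((self.getpos()[0], tag, name, url))

def audit(html):
    parser = MixedContentAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

def upgraded(url):
    """URL requested instead under upgrade-insecure-requests (port 80 becomes 443)."""
    p = urlsplit(url)
    netloc = p.netloc[:-3] if p.netloc.endswith(":80") else p.netloc
    return urlunsplit(("https", netloc, p.path, p.query, p.fragment))

# Constructed sample of operator-entered content (not real data).
SAMPLE = """<p>Promo</p>
<img src="http://img.domain.com/images/banner.jpg">
<img src="https://img.domain.com/images/ok.jpg">
<a href="http://domain.com/about">about</a>
<iframe src="HTTP://media.example.com:80/embed/1"></iframe>
"""

if __name__ == "__main__":
    for line, tag, attr, url in audit(SAMPLE):
        print(f"line {line}: <{tag} {attr}> {url} -> {upgraded(url)}")
```

The upgrade only rewrites the request: a resource whose host has no HTTPS endpoint still fails to load, so each flagged URL is worth checking and fixing at the source.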