This content should also be served over HTTPS
HTTPS 是 HTTP over Secure Socket Layer,以安全爲目標的 HTTP 通道,因此在 HTTPS 承載的頁面上不容許出現 http 請求,一旦出現就是提示或報錯:前端
Mixed Content: The page at 'https://domain.com/w/a?id=074ac65d-70db-422d-a6d6-a534b0f410a4' was loaded over HTTPS, but requested an insecure image 'http://img.domain.com/images/2016/5/3/2016/058c5085-21b0-4b1d-bb64-23a119905c84_cf0d97ab-bbdf-4e25-bc5b-868bdfb581df.jpg'. This content should also be served over HTTPS.
不少運營對 https 沒有技術概念,在填入的數據中難免出現 http 的資源,出現疏忽和漏洞也是不可避免的。web
解決辦法一:CSP設置upgrade-insecure-requestschrome
W3C工做組考慮到了咱們升級HTTPS的艱難,在2015年4月份就出了一個Upgrade Insecure Requests 的草案(http://www.w3.org/TR/mixed-content/),他的做用就是讓瀏覽器自動升級請求。
在咱們服務器的響應頭中加入:瀏覽器
server { ... add_header Content-Security-Policy upgrade-insecure-requests; ... }
咱們的頁面是 https 的,而這個頁面中包含了大量的 http 資源(圖片、iframe等),頁面一旦發現存在上述響應頭,會在加載 http 資源時自動替換成 https 請求。安全
方法2、
頁面中加入 meta 頭:服務器
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests" />
目前支持這個設置的還只有 chrome 43.0,不過我相信,CSP 將成爲將來 web 前端安全大力關注和使用的內容。而 upgrade-insecure-requests 草案也會很快進入 RFC 模式。dom
相關文章
- 1. This content should also be served over HTTPS
- 2. the content must be served over HTTPS
- 3. Mixed Content: The page was loaded over HTTPS,blocked the content must be served over HTTPS.
- 4. Mixed Content: xxx This request has been blocked; the content must be served over HTTPS.
- 5. This request has been blocked; the content must be served over HTTPS.
- 6. 【Https異常】This request has been blocked; the content must be served over HTTPS
- 7. this request has been blocked;the content must be served over https
- 8. HTTPS調用百度地圖API提示「BMap未定義, This request has been blocked; the content must be served over HTTPS.,was
- 9. android WebView加載不出網頁內容This request has been blocked; the content must be served over HTTPS.
- 10. 網站安裝了sll 訪問報錯This request has been blocked; the content must be served over HTTPS.
- 更多相關文章...
- • HTTP content-type - HTTP 教程
- • ASP Content Linking 組件 - ASP 教程
- • 使用阿里雲OSS+CDN部署前端頁面與加速靜態資源
- • JDK13 GA發佈:5大特性解讀
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
歡迎關注本站公眾號,獲取更多信息
相關文章
- 1. This content should also be served over HTTPS
- 2. the content must be served over HTTPS
- 3. Mixed Content: The page was loaded over HTTPS,blocked the content must be served over HTTPS.
- 4. Mixed Content: xxx This request has been blocked; the content must be served over HTTPS.
- 5. This request has been blocked; the content must be served over HTTPS.
- 6. 【Https異常】This request has been blocked; the content must be served over HTTPS
- 7. this request has been blocked;the content must be served over https
- 8. HTTPS調用百度地圖API提示「BMap未定義, This request has been blocked; the content must be served over HTTPS.,was
- 9. android WebView加載不出網頁內容This request has been blocked; the content must be served over HTTPS.
- 10. 網站安裝了sll 訪問報錯This request has been blocked; the content must be served over HTTPS.