Mixed Content Page

最新推荐文章于 2024-07-11 15:08:13 发布
最新推荐文章于 2024-07-11 15:08:13 发布
阅读量1w 收藏 1
点赞数 1
分类专栏: 基础知识 文章标签: web
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/whynottrythis/article/details/54178904
版权

The unencrypted HTTP content on the secured web pages could be accessed by hackers as well as could be modified by Man-in-the-Middle (MITM) attackers, which results in unsecured connection. This behavior of web pages is called a mixed content page.

因为工作中突然遇到了,就简单看了一下这些内容。希望能够起到抛砖引玉的效果。

在下面的链接中:
https://segmentfault.com/q/1010000005872734,博主引出了两个问题:

1. HTTPS页面里动态的引入HTTP资源,比如引入一个js文件,会被直接block掉的
2. 在HTTPS页面里通过AJAX的方式请求HTTP资源,也会被直接block掉的。

下面是具体的错误提示:

Mixed Content: The page at 'https://url_1' was loaded over HTTPS, 
but requested an insecure script 'http://monitor_analytic.js'. 
This request has been blocked; the content must be served over HTTPS.

提出的解决办法:

方法1:相对协议。
对于同时支持HTTPS和HTTP的资源,引用的时候要把引用资源的URL里的协议头去掉,
浏览器会自动根据当前是HTTPS还是HTTP来给资源URL补上协议头的,可以达到无缝切换。

下面是回答中有人给出的解决办法:http://thehackernews.com

The search engine giant recommended you to enable it via an HTTP response header,
"Content-Security-Policy: upgrade-insecure-requests," if all the content is controlled by you.

However, if the unsecure resources are served from a web server you don’t control, you can include the 
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> tag in your page's <head>.

对于https协议下访问http的图片链接,chrome浏览器并没有block,而是提出了警告。但是并不是所有手机的webkit浏览器都支持这样的警告,很多手机可能还是会直接block,造成图片没有办法显示。

 Mixed Content: The page at 'https://url_1' was loaded over HTTPS, but requested an insecure image
 'http://762961797.jpg'. This content should also be served over HTTPS.

总结:对于mixed content page that the connection is only partially encrypted. 为了在http转https的过程中顺利过渡,mixed content page页面是非常糟糕的选择。

如果觉得有用,请关注我的公众号,谢谢大家!


萌牛爱分享

i-neojos
关注
专栏目录
Mixed Content: The page was loaded over HTTPS, This content should also be served over https解决方案
漏刻有时数据可视化大屏(PHP&ECHARTS智能化开源软件系统)
11-29 3209
浏览器对于https链接会自动屏蔽不安全的http链接,就是所谓的Mixed Content。HTTPS页面里动态的引入HTTP资源时,比如引入一个js文件,会被直接block掉的.在HTTPS页面里通过AJAX的方式请求HTTP资源,也会被直接block掉的。
JS错误:Mixed Content: The page at ‘https://XXX’ was loaded over HTTPS, but requested an insecure
热门推荐
简简单单Onlinezuozuo
09-28 8万+
JS错误:Mixed Content: The page at ‘https://XXX’ was loaded over HTTPS, but requested an insecure 1、环境 Tomcat Nginx 【走https 通道】 框架形式是以 iframe 作为支撑的 2、问题 主体框架可以正常加载, 但是内部借口和 iframe 里面的内容以及静态资源全部报错 3、让Ngi...
nginx CA证书配置HTTPS
qq_40095973的博客
03-29 935
server {    listen 443;    server_name eee.top;    ssl on;    root /data/webroot/test;    index index.html index.htm;    ssl_certificate   cert/2.pem;    ssl_certificate_key  cert/244.key;    ssl_sess...
Mixed Content: The page at ‘https://lingyidianke.com/index‘ was loaded over HTTPS, but requested 安全
最新发布
weixin_54048131的博客
07-11 696
今天敲代码出现了bug:翻译:混合内容:“https://lingyidianke.com/index”处的页面是通过https加载的,但请求了不安全的XMLHttpRequest终结点“http://154 . 8 . 165 . 152:9090/code/list”。此请求已被阻止;内容必须通过HTTPS提供。这里自己的前端发送了一个http://154 . 8 . 165 . 152:9090/code/list请求,为了获取后端数据。
错误:Mixed Content: The page at ‘https://XXX’ was loaded over HTTPS, but requested an insecure.
weixin_54197236的博客
08-29 2万+
浏览器Mixed Content问题
Mixed Content: The page at ‘<URL>‘ was loaded over HTTPS, but requested an insecure script ‘<URL>‘.
记录和分享属于我的“IT”时光
05-10 1万+
报错信息: Mixed Content: The page at ‘’ was loaded over HTTPS, but requested an insecure script ‘’. This request has been blocked; the content must be served over HTTPS. 出错原因: 因为谷歌浏览器对于https链接会自动屏蔽不安全的http链接,就是所谓的Mixed Content。HTTPS页面里动态的引入HTTP资源时,比如引入一个js文件,
https请求报错block:mixed-content问题的解决办法(已解决)
12-21
错误信息是“Mixed Content: The page was loaded over HTTPS,but requested an insecure resource. This request has been blocked; the content must be served over HTTPS。”,意味着页面是通过HTTPS加载的,但...
Mixed Content: The page at ‘https:...‘ was loaded over HTTPS, but requested an insecure script ‘http
baidulixueqin的博客
05-08 1948
今天把个人博客上传github预览时发现样式没了,打开控制台发现请求被拦截。 原因: 浏览器不允许在https页面里嵌入http的请求,现在高版本的浏览器为了用户体验,都不会弹窗报错,只会在控制台上打印一条错误信息。如下图所示: 解决方法 1’ 既然不支持http,那就改为https 2’ 将http自动升级为https 将调用的http请求升级成https请求 <meta http-equiv="Content-Security-Policy" content="upgrade-insecure
nginx代理服务报Mixed Content: The page at ‘https://xxx.com‘ was loaded over HTTPS
Bertram的博客
04-18 6985
使用nginx代理后端服务时出现如下错误: Mixed Content: The page at ‘https://xxx.com’ was loaded over HTTPS, but requested an insecure stylesheet ‘http://xxx.com’. This request has been blocked. the content must be served over HTTPS. 错误原因: nginx代理的https页面中加载的内容使用的http协议导致报
JS错误:Mixed Content: The page at ‘https://XXX’ was loaded over HTTPS, but requested an insecure 新的问题
简简单单Onlinezuozuo
10-15 3万+
文章目录JS错误:Mixed Content: The page at ‘https://XXX’ was loaded over HTTPS, but requested an insecure 新的问题1、修改nginx 配置参考2、让nginx 携带信息3、修改tomcat 的 Connector 以支持https4、tomcat 配置文件,仅供参考 JS错误:Mixed Content: ...
mixed content the site was loaded over a secure connection but the file at was loaded over an insecu
qubes的专栏
01-06 7041
问题: 在https地址试图通过a标签跳转到http下载地址时,浏览器报错。将跳转地址http改为https。
公众号开发https://open.weixin.qq.com/connect/oauth2/authorize授权报错redirect_uri 参数错误
qq_45151414的博客
09-14 3万+
未授权域名
解决跨域报错
Luke Ewin的博客
11-09 349
报错Mixed Content The page at was loaded over HTTPS but requested an insecure resource This request has been blocked the content must be served over HTTPS,想必大家并不陌生。首先提一下什么是跨域。跨域是:协议,主机,端口,三者只要有一个是不同,那么就会构成跨域。只有当这三者都相同的时候才认为是同源的,浏览器为了保证安全性,只有同源的请求才能相互获取内容。
Mixed Content: The page at ‘<URL>‘ was loaded over HTTPS, but requested an insecure frame ‘<URL>‘...
java小白翻身
04-16 8607
在添加了SSL证书的HTTPS中引入用HTTP的链接,就报错,请求协议的不同导致的 所有有关https带有http的文件或者链接例如:images / js等文件都会报请求 “网页的“ < url > ”是通过 HTTPS 加载的,但是请求一个不安全的帧“ < url > ”。此请求已被阻止; 内容必须通过 HTTPS 提供。” 解决方法: 第一种:查看http的文件,放到https路径中,引入方式添加https 第二种 页面的head中加入: <.
微信oauth2授权登录实践
MJ的博客
11-01 1万+
1、准备工作 微信公众平台测试号申请一个帐号,扫码登录 扫码关注一下,否则获取授权码时报错 授权成功回调地址redirect_url配置,可配置baidu.com,有些域名会有问题 绑定微信开发者账号 二、按照文档走oauth2授权码流程 1.获取授权码。scope为snsapi_base为静默模式及自动授权不会弹框,而snsapi_userinfo则必须显示点击确认授权按钮。redirecurl需要URLencode一下。 https://open.weixin.qq.com
错误:Mixed Content: The page at 'https://a.b.com/detail?id=5' was loaded over HTTPS, but reque
小单的博客专栏
04-19 5万+
关于这个错误的详细内容为:Mixed Content: The page at 'https://a.b.com/detail?id=5' was loaded over HTTPS, but requested an insecure script 'http://a.b.com/xxxxxxx'. This request has been blocked; the content must b
转载 Mixed Content Page
weixin_30603633的博客
04-17 262
网站配置了https之后,网页上的百度地图无法正常显示,报错类似于: Mixed Content: The page at 'https://url_1' was loaded over HTTPS, but requested an insecure script 'http://monitor_analytic.js'. This request has been blocked...
chrome禁止混合内容(Mixed Content) 解决
qq_36657291的博客
12-30 1万+
问题描述:网站协议是https(安全),下载excel地址的协议是http(不安全),所以点击下载会报以下错误 从Chrome84开始阻止混合内容, 页面的地址是通过 HTTPS 加载的,但是里面有不安全的内容(通过 HTTP 加载,被认为是不安全的),所以excel的链接自动升级为了 HTTPS 链接。 加载不出来的原因就找到了:Chrome 认为页面使用了 HTTPS 加载,下载地址如果是 HTTP 加载就不安全,会自动给升级为 HTTPS 加载。 解决办法: 一、 点击地址栏小锁图标
mixed-content
05-18
Mixed content refers to a web page that includes both secure (HTTPS) and non-secure (HTTP) content. This can pose a security risk because the non-secure content can potentially be intercepted or ...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值