升级https后解决http资源文件访问被阻止

0 点赞
0 条评论
592 次浏览
发布于 7 个月前

在升级https后直接用ajax跨域请求返回数据因为不是https协议网站  返回的数据或资源所以会被拦截阻挡

Mixed Content: The page at 'https://example.com' was loaded over HTTPS, but requested an insecure stylesheet 'http://example.com/static/css/example.css'. This request has been blocked; the content must be served over HTTPS.

该错误是说浏览器的同一页面下不能即访问https协议,又访问http协议,这时候请求直接会被浏览器拦截。

解决办法

//解决 https调用 http
var protocol = window.location.protocol;
if (protocol.includes("https:")) {
	var metaTag = document.createElement("meta");
	metaTag.httpEquiv = "Content-Security-Policy";
	metaTag.content = "upgrade-insecure-requests";
	document.getElementsByTagName("head")[0].appendChild(metaTag);
}

当然也可以通过在网页 head 中添加标签

<html>
<head>
...
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
</head>
...

或者在nginx上面添加header

location / {
	...
	add_header Content-Security-Policy upgrade-insecure-requests;
	...
}

其他后端语言也可以参照nginx的配置来进行修改

版权所属:开发日记
转载时必须以链接形式注明原始出处及本声明。
"赞助我们,我们才能做的更多&更好"
赞助支持
还没有评论
写下你的评论...