Html 通过 https 加载样式表的问题
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/15452519/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Problems loading style sheets over https
提问by MrJoshFisher
I recently applied an SSL certificate to my domain but I'm having problems with some of the styles when viewing my website on http:// the styles are fine but when viewing it through https:// then no styles are applied at all, I found out what the problem was I wasn't loading my thirdparty styles through https instead they were http, switched to https all problems were solved.
我最近在我的域中应用了 SSL 证书,但是在 http:// 上查看我的网站时我遇到了一些样式问题,但是当通过 https:// 查看时,根本没有应用任何样式,我发现问题是我没有通过 https 加载我的第三方样式,而是通过 http,切换到 https,所有问题都解决了。
回答by Kornel
You're probably using an http://link to a stylesheet on an https://website.
您可能正在使用http://指向https://网站上样式表的链接。
Secure websites are not allowed to mix protocols. Everythinghas to be embedded from a secure server. Browsers will ignore/block HTTP resources on HTTPS pages (with varying degree of strictness).
不允许安全网站混合使用协议。一切都必须从安全服务器嵌入。浏览器将忽略/阻止 HTTPS 页面上的 HTTP 资源(具有不同程度的严格性)。
The reason for this blocking is that insecure HTTP resources like stylesheets and scripts could still be modified by an attacker and used to spoof/hiHyman secure parts of the site.
这种阻止的原因是不安全的 HTTP 资源(如样式表和脚本)仍然可以被攻击者修改并用于欺骗/劫持站点的安全部分。
If the stylesheet is served from your server, then omit protocol+host part of the URL, i.e. instead of http://example.com/style.cssuse /style.cssas the URL, so it'll work on both HTTP and HTTPS. You can also use protocol-relative URLs.
如果样式表是从你的服务器提供服务,URL的则省略协议+主机部分,即而不是http://example.com/style.css使用/style.css的URL,所以它会在HTTP和HTTPS工作。您还可以使用协议相对 URL。
If you have to have one full URL, then use https://…URLs only.
如果您必须拥有一个完整的 URL,则https://…仅使用URL。
回答by Explosion Pills
If the requested URI is https, if you have resources on the page (images, stylesheets, JavaScript files et. al.) that are requested with the httpscheme some browsers may block them because they are considered insecure. You can circumvent that per-browser, but you also have alternatives in your code:
如果请求的 URI 是https,如果页面上有使用该http方案请求的资源(图像、样式表、JavaScript 文件等),则某些浏览器可能会阻止它们,因为它们被认为是不安全的。您可以绕过每个浏览器,但您的代码中也有替代方案:
- Use
httpsto request everything, or at least match the schems. - Use
//to indicate the scheme. The browser will match the scheme with the request URI. For example:<link rel="stylesheet" type="text/css" href="//example.com/path/to.css">
- 使用
https到的一切要求,或者至少匹配schems。 - 使用
//指示方案。浏览器会将方案与请求 URI 进行匹配。例如:<link rel="stylesheet" type="text/css" href="//example.com/path/to.css">
