Javascript 不允许 HTTPS 页面运行来自 safari-extension:// URI 的不安全内容
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/39076180/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
HTTPS page was not allowed to run insecure content from safari-extension:// URI
提问by Emmanuel Sellier
I face a strange behavior in a Safari extension with Safari 9.1 (11601.5.17.1). I try to insert a new Iframe with an src pointing to an html file in the extension package using "safari-extension://...".
我在 Safari 9.1 (11601.5.17.1) 的 Safari 扩展中遇到了一个奇怪的行为。我尝试使用“safari-extension://...”插入一个新的 iframe,其中 src 指向扩展包中的 html 文件。
The URL is correct and the content is displayed in a new tab, if I click on the link from the error message displayed in the console.
如果我单击控制台中显示的错误消息中的链接,则 URL 正确并且内容显示在新选项卡中。
[blocked] The page at https:// was not allowed to run insecure content from safari-extension://com.mycompany.myextension-7KZE138RQQ/3d4c3273/js/proxy.js.
[被阻止] https:// 页面不允许运行来自 safari-extension://com.mycompany.myextension-7KZE138RQQ/3d4c3273/js/proxy.js 的不安全内容。
It seems the URL with safari-extension scheme is not considered as secured and safari applies "no http in https page" security policy. It used to work before (before what? I don't know.).
似乎带有 safari-extension 方案的 URL 不被认为是安全的,并且 safari 应用“https 页面中没有 http”安全策略。它以前可以工作(之前是什么?我不知道。)。
Any idea? Could that behavior be changed with a specific Content-security-policy?
任何的想法?这种行为可以通过特定的内容安全策略来改变吗?
Thanks
谢谢
回答by David R
You need to configure your safari to display the mixed content,
您需要配置您的 safari 以显示混合内容,
Follow these steps.
按着这些次序。
1. Open up Preferences by selecting "Preferences" from the "Safari" menu.
1. 通过从“Safari”菜单中选择“首选项”打开首选项。
2. Click on the the "Security" (tab) icon near the top of the dialog.
2. 单击对话框顶部附近的“安全”(选项卡)图标。
3. Make sure that the "Ask before sending a non-secure form to a secure website" option is unchecked.
3. 确保未选中“将非安全表单发送到安全网站之前询问”选项。
Hope this helps!
希望这可以帮助!
