Javascript 页面通过 HTTPS 加载但请求不安全的 XMLHttpRequest 端点
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/37387711/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Page loaded over HTTPS but requested an insecure XMLHttpRequest endpoint
提问by J86
I have a page with some D3 javascript on. This page sits within a HTTPS website, but the certificate is self-signed.
我有一个页面,上面有一些 D3 javascript。此页面位于 HTTPS 网站内,但证书是自签名的。
When I load the page, my D3 visualisations do not show, and I get the error:
当我加载页面时,我的 D3 可视化没有显示,并且出现错误:
Mixed Content: The page at 'https://integration.jsite.com/data/vis' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://integration.jsite.com/data/rdata.csv'. This request has been blocked; the content must be served over HTTPS.
混合内容:“ https://integration.jsite.com/data/vis”页面已通过 HTTPS 加载,但请求了不安全的 XMLHttpRequest 端点“ http://integration.jsite.com/data/rdata.csv”。此请求已被阻止;内容必须通过 HTTPS 提供。
I did some research and all I found what the JavaScript will make the call with the same protocol that the page was loaded. So if page was loaded via httpsthen the rdata.csvshould also have been requested via https, instead it is requested as http.
我做了一些研究,我发现 JavaScript 将使用与加载页面相同的协议进行调用。因此,如果页面是通过加载的,https那么rdata.csv也应该通过 请求https,而不是作为http.
Is this because the certificate is self-signed on the server? What I can do to fix this, other than installing a real SSL certificate?
这是因为证书在服务器上是自签名的吗?除了安装真正的 SSL 证书,我还能做些什么来解决这个问题?
采纳答案by Tom
What I can do to fix this (other than installing a real SSL certificate).
我可以做些什么来解决这个问题(除了安装真正的 SSL 证书)。
You can't.
你不能。
On an https webpage you can only make AJAX request to https webpage (With a certificate trusted by the browser, if you use a self-signed one, it will not work for your visitors)
在 https 网页上,您只能向 https 网页发出 AJAX 请求(使用浏览器信任的证书,如果您使用自签名证书,它将不适用于您的访问者)
回答by user2791178
I had the same issue for my angular project, then I make it work in Chrome by changing the setting. Go to Chrome setting -->site setting -->Insecure content --> click add button of allow, then add your domain name [*.]XXXX.biz
我的 angular 项目遇到了同样的问题,然后我通过更改设置使其在 Chrome 中工作。进入Chrome设置-->站点设置-->不安全内容-->点击允许的添加按钮,然后添加您的域名[*.]XXXX.biz
Now problem will be solved.
现在问题将得到解决。
回答by Daniel Jesus Cristobal Rojas
I had the same problem but from IIS in visual studio, I went to project properties -> Web -> and project url change http to https
我遇到了同样的问题,但是从 Visual Studio 中的 IIS,我转到了项目属性 -> Web -> 并且项目 url 将 http 更改为 https
回答by Flavio Lopes
I solved the problem adding a slash at the end of the requesting url
我解决了在请求 url 末尾添加斜杠的问题
This way: '/data/180/' instead of: '/data/180'
这样: '/data/180/' 而不是: '/data/180'
回答by Wilmer
this is easy,
if you use .htaccess , check http: for https: ,
if you use codeigniter, check config : url_base -> you url http change for https.....
I solved my problem.
这很容易,
如果您使用 .htaccess ,请检查 http: for https: ,
如果您使用 codeigniter,请检查 config : url_base -> 您将 url http 更改为 https .....
我解决了我的问题。
