Original source: http://stackoverflow.com/questions/2855529/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
Detect HTTPS with JavaScript
Asked by ntan
I am trying to find out how I can detect with JavaScript if I am in an HTTP or HTTPS environment.
I am calling an Ajax request so if I am in HTTPS and call HTTP Ajax then I get a 302 Moved Temporarily.
I was thinking of getting the current window.location.href and doing a string manipulation.
What is the best way of detecting HTTPS using JavaScript?
Answered by Rich
Looking at how Google Analytics adds their script to the page:
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
Then document.location.protocol would seem safe for all browsers.
Answered by Pekka
You can use the non-standard
window.location.protocol
In Firefox: MDC documentation
In IE, it seems to be
document.location.protocol
I can't find reliable info on how this behaves on other browsers, but I expect they adhere to the quasi-standard of document.location.protocol.
Maybe the jQuery url plugin sorts this out without having to deal with cross-browser differences - I've never used it myself, but it looks promising:
jQuery.url.attr("protocol");
Answered by Ryan Fernandes
location.protocol works on all browsers.
Answered by Vic Seedoubleyew
How about this?
var protocol = window.location.href.indexOf("https://")==0?"https":"http";
Answered by jberculo
In many instances, one can omit the protocol altogether. So, instead of
<img src="https://test.com/image.jpg" />
one could use
<img src="//test.com/image.jpg" />
The browser then adds the current protocol automatically. This also works for including files in the head, and it should also work for ajax calls.
Edit: Doing this is now considered to be an anti-pattern:
Now that SSL is encouraged for everyone and doesn't have performance concerns, this technique is now an anti-pattern. If the asset you need is available on SSL, then always use the https:// asset.
Allowing the snippet to request over HTTP opens the door for attacks like the recent Github Man-on-the-side attack. It's always safe to request HTTPS assets even if your site is on HTTP, however the reverse is not true.
see: http://www.paulirish.com/2010/the-protocol-relative-url/
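The protocol check and the protocol-relative behaviour discussed in the answers above, as an added example that is not part of the original question or answers. The function names and the example.org page URLs are assumptions made for illustration; it shows which scheme a reference really resolves to and how to pin it to https://.

```javascript
// Added example (not from the original answers). Function names are hypothetical.
// Runs in a browser or in Node.js; both provide the WHATWG URL class.

// Same check as location.protocol === 'https:', but for any absolute URL string.
function isHttps(href) {
  return new URL(href).protocol === 'https:';
}

// Resolve an asset reference the way the browser would against the page URL,
// then report which scheme the request would really use.
function classifyAsset(pageHref, assetRef) {
  const page = new URL(pageHref);
  const asset = new URL(assetRef, page);        // handles "//host/path" and relative paths
  const inherited = assetRef.startsWith('//');  // protocol-relative reference
  let verdict;
  if (asset.protocol === 'https:') {
    verdict = 'secure';
  } else if (asset.protocol !== 'http:') {
    verdict = 'not-http';                       // data:, blob:, etc. are out of scope here
  } else if (page.protocol === 'https:') {
    verdict = 'mixed-content';                  // HTTPS page asking for an HTTP resource
  } else {
    verdict = inherited ? 'insecure-inherited' : 'insecure';
  }
  return { url: asset.href, verdict };
}

// Follow the advice quoted above: pin the asset to https:// regardless of the page.
function pinToHttps(pageHref, assetRef) {
  const asset = new URL(assetRef, pageHref);
  if (asset.protocol === 'http:') asset.protocol = 'https:';
  return asset.href;
}

// Constructed sample inputs, reusing the test.com host from the answer.
const samples = [
  ['https://example.org/app', '//test.com/image.jpg'],
  ['http://example.org/app', '//test.com/image.jpg'],
  ['https://example.org/app', 'http://test.com/image.jpg'],
];
for (const [page, ref] of samples) {
  console.log(page, ref, classifyAsset(page, ref), pinToHttps(page, ref));
}
```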
Answered by Yoh Suzuki
There's a really neat lib called URI for things like this. https://github.com/medialize/URI.js
You probably don't need this just to grab the protocol, but if you're going to be string manipulating URIs, you should use this.

