Javascript jQuery 加载 https url
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/30663615/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Jquery load https url
提问by RoverDar
I have this problem. In external web site I have a script like this:
我有这个问题。在外部网站中,我有一个这样的脚本:
<div id="idtest"></div>
<script src="//example.com/widget.js" type="text/javascript"></script>
example.com is in https (allow both http and https). In the server in the script widget.js I have:
example.com 在 https(允许 http 和 https)。在脚本 widget.js 的服务器中,我有:
$('#idtest').load("https://example.com/index.html")
I get this error: Mixed Content: The page at 'thepage' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://example.com/index.html'. This request has been blocked; the content must be served over HTTPS.
我收到此错误:混合内容:“thepage”中的页面已通过 HTTPS 加载,但请求了不安全的 XMLHttpRequest 端点“ http://example.com/index.html”。此请求已被阻止;内容必须通过 HTTPS 提供。
I don't understand: why the error and why the endpoint is in "http"? thanks
我不明白:为什么会出现错误以及为什么端点在“http”中?谢谢
EDIT
编辑
More information:
更多信息:
if in the widget.js I do this:
如果在 widget.js 我这样做:
$('#idtest').load("./index.html")
the content is load and all works perfectly if I load the script in my site.
如果我在我的网站中加载脚本,则内容已加载并且一切正常。
If I do something like:
如果我做这样的事情:
x = "https://example.com"
$('#idtest').load(x + "/index.html")
or
或者
$('#idtest').load("https://example.com/index.html")
I get the error (if I put the script in my site or in external site). Why?
我收到错误消息(如果我将脚本放在我的站点或外部站点中)。为什么?
EDIT 2
编辑 2
more informations:
更多信息:
my site is in django
我的网站在 Django
EDIT 3
编辑 3
In firefox I load the page in https and http. It doesn't work in Chrome. I see this situation in firefox net analyzer when call the url :
在 Firefox 中,我以 https 和 http 加载页面。它在 Chrome 中不起作用。调用 url 时,我在 Firefox 网络分析器中看到这种情况:
302 https://example.com/index.html200 http://example.com/index.html[mixed content]
302 https://example.com/index.html200 http://example.com/index.html[混合内容]
What understand this situation (https to http)? Could be a Django redirect problem?
这种情况怎么理解(https转http)?可能是 Django 重定向问题吗?
回答by Dave Alperovich
A mixed content errorhappens when:
在以下 情况下会发生混合内容错误:
- you try to load secure content SSL(
https) on a page served insecurely (http) served
- 您尝试在不安全 ( ) 服务的页面上加载安全内容SSL(
https)http
Or the opposite
或者相反
- you try to load insecure content (
http) on a page served securely SSL(https) served
- 您尝试
http在安全提供SSL(https) 服务的页面上加载不安全内容 ( )
Your error message is warning that your calling page has been loaded in insecure mode
您的错误消息警告您的调用页面已在不安全模式下加载
You haven't explicitly explained this, but your error indicated your page is being served without SSL. When you try to load a protected resource this becomes a mixed modeproblem of protected resources and insecure.
您没有明确解释这一点,但您的错误表明您的页面是在没有SSL 的情况下提供的。当您尝试加载受保护资源时,这将成为受保护资源和不安全的混合模式问题。
If possible, you try to serve the reference file the same way
如果可能,您尝试以相同的方式提供参考文件
You can serve your main page in SSL(
https)You can request the partial page in
http$('#idtest').load("http://example.com/index.html")
您可以在SSL(
https) 中提供您的主页您可以请求部分页面
http$('#idtest').load(" http://example.com/index.html")
or
或者
- Just as you have resolved it, request the partial page without protocol. Now your loaded file will be loaded using the protocol used by your page.
- 就像您已经解决它一样,请求没有协议的部分页面。现在您加载的文件将使用您的页面使用的协议加载。
About your specific resource:
关于您的特定资源:
I tried loading:
我尝试加载:
and
和
https://example.com/index.html
https://example.com/index.html
The result was the same. I got a simple page with the message:
结果是一样的。我得到了一个带有消息的简单页面:
Example Domain
示例域
This domain is established to be used for illustrative examples in documents. You may use this domain in examples without prior coordination or asking for permission.
建立此域是为了用于文档中的说明性示例。您可以在没有事先协调或征得许可的情况下在示例中使用此域。
回答by Julien Bachmann
I think it is more a problem of cross origin domain.
我认为这更多是跨域的问题。
the $.load function of jquery use ajax to load the url and so you cannot do cross domain call if the target URL does not implement CORS headers.
jquery 的 $.load 函数使用 ajax 加载 url,因此如果目标 URL 没有实现 CORS 标头,则无法进行跨域调用。
In your example, the server example.com must return a header
在您的示例中,服务器 example.com 必须返回一个标头
Access-Control-Allow-Origin: *
You can also replace * with the domain of the page that want to load the content by AJAX.
您还可以将 * 替换为要通过 AJAX 加载内容的页面的域。
A good blog post on how to use CORS: http://www.html5rocks.com/en/tutorials/cors/
关于如何使用 CORS 的好博文:http://www.html5rocks.com/en/tutorials/cors/
回答by Albert Català
I had this issue on Ruby on Rails webpage and the the mistake was to use "_url" helper instead of "_path" helper, on a https webpage:
我在 Ruby on Rails 网页上遇到了这个问题,错误是在 https 网页上使用了“_url”助手而不是“_path”助手:
in a view:
wrong: borrar_linea_factura_url(l)
在一个观点:错误:borrar_linea_factura_url(l)
ok: borrar_linea_factura_path(l)
好的: borrar_linea_factura_path(l)
As a recap of said before:
正如之前所说:
"_url" helper generates /controller/action/params
“_url”助手生成 /controller/action/params
"_path" helper generates https://controller/action/params
“_path”助手生成 https://controller/action/params
