简单的 jQuery 代码可以正常工作,直到通过 https:// 加载站点
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1056497/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Simple jQuery code works fine until site is loaded via https://
提问by Plasticated
I have a simple peice of jQuery code that submits a form and hides/shows some on screen information. It works fine when tested, until loaded via https:// upon which it breaks in IE7. It appears to break totally, with none of the script having any effect. I also get the IE warning that "some elements are insecure".
我有一个简单的 jQuery 代码,它提交一个表单并隐藏/显示一些屏幕信息。它在测试时工作正常,直到通过 https:// 加载它在 IE7 中中断。它似乎完全中断,脚本没有任何效果。我还收到 IE 警告,提示“某些元素不安全”。
Does anyone have any experience of this happening? Or even better, a solution! I have to load the page via https as its a credit card payment page.
有没有人有过这种情况发生的经验?或者更好的是,一个解决方案!我必须通过 https 加载页面作为信用卡支付页面。
回答by Funka
The three previous answers all mention the problem of a secured "https" page trying to include scripts or other resources (stylesheets, images, etc) from an "http" path...
前三个答案都提到了安全的“https”页面试图包含来自“http”路径的脚本或其他资源(样式表、图像等)的问题......
I would like to add to these, and note that if you have a situation where the same pages could be loaded via eitherhttp or https, then you can create "protocol-less" URLs---the protocol will be assumed to be the same as the current page. Note this is only needed for accessing resources on different domains (and will only work if those different domains support both http and https), because obviously if you're accessing resources on the same domain, you don't need to start with http:// at all...
我想补充到这些,并注意,如果你有在同一页面可以通过加载的情况无论是HTTP或HTTPS,那么你就可以创建“协议少”的网址---该协议将被假定为与当前页面相同。请注意,这仅在访问不同域上的资源时才需要(并且仅当这些不同的域同时支持 http 和 https 时才有效),因为显然如果您正在访问同一域上的资源,则不需要以 http 开头: // 根本...
For example, each of these three resources would assume either http or https depending on how the current page was accessed:
例如,这三个资源中的每一个都将根据当前页面的访问方式假定为 http 或 https:
<script src="//www.example.com/whatever.js" type="text/javascript"></script>
<img src="//www.example.com/someimage.png" alt="whatever" />
<link href="//www.example.com/styles.css" rel="stylesheet" />
回答by John Kugelman
If you serve a page via https://then every resource link should also use https://. Look out for
如果您通过一个页面提供服务,https://那么每个资源链接也应该使用https://. 密切注意,提防,小心
<script type="text/javascript" src="http://.../jquery.js"></script>
回答by Plasticated
Thank you for all your input. The problem was eventually tracked down to an image mentioned in Thickbox.js.
感谢您的所有投入。问题最终被追踪到了 Thickbox.js 中提到的一张图片。
Because that had a http:// (not https://) url it was causing the error message. The security message that pops up has a yes or no to loading insecure content, and clicking yes was telling the browser to stop loading any jQuery at all.
因为它有一个 http://(不是 https://)url,所以它导致了错误消息。弹出的安全消息对加载不安全的内容有是或否,单击是告诉浏览器完全停止加载任何 jQuery。
A tricky one indeed so I thought I would answer myself in the hope it might help someone else with the same problem.
确实是一个棘手的问题,所以我想我会回答自己,希望它可以帮助遇到同样问题的其他人。
回答by yfeldblum
If the client used HTTPS to request the page, then the page should link to all media (images, scripts, stylesheets) via HTTPS.
如果客户端使用 HTTPS 请求页面,则页面应通过 HTTPS 链接到所有媒体(图像、脚本、样式表)。
If the client used HTTP to request the page, then you should send this HTML fragment within your response:
如果客户端使用 HTTP 请求页面,那么您应该在响应中发送此 HTML 片段:
<head>
<script
type="text/javascript"
src="http://my.domain.com/app/media/jquery.js"
></script>
</head>
If the client used HTTPS to request the page, then you should send this HTML fragment within your response:
如果客户端使用 HTTPS 请求页面,那么您应该在响应中发送此 HTML 片段:
<head>
<script
type="text/javascript"
src="https://my.domain.com/app/media/jquery.js"
></script>
</head>
The difference is that, when the client requests the page with HTTPS, the server sends back a link to the jquery script that starts with https://.
不同之处在于,当客户端使用 HTTPS 请求页面时,服务器会发回一个指向以 .js 开头的 jquery 脚本的链接https://。
回答by Fry
You may also see a similar behaviour if you are using jquery from code.jquery.com
如果您使用来自 code.jquery.com 的 jquery,您也可能会看到类似的行为
eg:
例如:
code.jquery.com does not have a valid SSL.
code.jquery.com 没有有效的 SSL。
This may cause other scripts to not work correctly.
这可能会导致其他脚本无法正常工作。
use the google cdn instead or load the jquery from your own server
改用 google cdn 或从您自己的服务器加载 jquery
Hope it helps
希望能帮助到你
回答by david wendelken
I was using IE 11 as the browser.
我使用 IE 11 作为浏览器。
Solution: Do not use compatibility mode. Tools->Compatibility View Settings.
解决方法:不要使用兼容模式。工具->兼容性视图设置。
Symptoms:
症状:
Program had worked fine in http mode.
程序在 http 模式下运行良好。
Browser reported an error at a line, claiming an identifier was expected.
浏览器在一行报告了一个错误,声称需要一个标识符。
Browser would not allow debugging on the jquery library file. File did not show up in the list of files to debug, break points could be set on the file if accessed via the error message in the developer's console log, but the breakpoints were disabled.
浏览器不允许对 jquery 库文件进行调试。文件未显示在要调试的文件列表中,如果通过开发人员控制台日志中的错误消息访问,则可以在文件上设置断点,但断点已禁用。
Browser clearly showed the file was loaded successfully.
浏览器清楚地显示文件已成功加载。
No error appeared when using a different browser.
使用其他浏览器时没有出现错误。
Hint: I stripped the test program down to loading the jquery library file and a single div that displayed fixed text, so there wasn't any of my own code to go wrong. That greatly simplified the list of what could be wrong.
提示:我将测试程序分解为加载 jquery 库文件和显示固定文本的单个 div,因此我自己的代码没有任何错误。这大大简化了可能出错的列表。
