Javascript 该页面已通过 HTTPS 加载,但请求了不安全的 XMLHttpRequest 端点
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/47549323/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
The page was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint
提问by Joshua Paul
I am calling a rest API from Httpsdeployed Application to HttpRest API. I have written the logic in JavaScript by using Angular Js framework. The web service call got failed with the below message.
我正在从Https部署的应用程序调用 rest API到HttpRest API。我已经使用 Angular Js 框架在 JavaScript 中编写了逻辑。Web 服务调用失败并显示以下消息。
The page at 'https://********someurl****' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint
“https://********someurl****”页面已通过 HTTPS 加载,但请求了不安全的 XMLHttpRequest 端点
Requesting if any one can help me get out of this error.
请求是否有人可以帮助我摆脱这个错误。
回答by Pankaj Shinde
Workaround:
解决方法:
1- Click the shield icon in the far right of the address bar.
1- 单击地址栏最右侧的盾牌图标。
Allow mixed content in Google Chrome
允许在 Google Chrome 中混合内容
2- In the pop-up window, click "Load anyway" or "Load unsafe script".
2- 在弹出窗口中,单击“始终加载”或“加载不安全的脚本”。
If you want to set your Chrome browser to ALWAYS(in all webpages) allow mixed content:
如果要将 Chrome 浏览器设置为始终(在所有网页中)允许混合内容:
1- Close Chrome. Chrome must be fully closed before the next steps.
1- 关闭 Chrome。在下一步之前必须完全关闭 Chrome。
2- Right-click the Google Chrome desktop icon (or Start Menu link). Select Properties.
2- 右键单击 Google Chrome 桌面图标(或开始菜单链接)。选择属性。
3- At the end of the existing information in the Target field, add: " --allow-running-insecure-content" (There is a space before the first dash.)
3- 在目标字段中现有信息的末尾,添加:“--allow-running-insecure-content”(第一个破折号前有一个空格。)
4- Click OK.
4- 单击确定。
5- Open Chrome and try to launch the content that was blocked earlier. It should work now.
5- 打开 Chrome 并尝试启动之前被阻止的内容。它现在应该可以工作了。
This is just workaround and you need to solve by securing both app and rest api.
这只是解决方法,您需要通过保护应用程序和休息 api 来解决。
回答by Christabella Irwanto
You should only make requests over HTTPS from your HTTPS application — there is no other workaround for this, and mixing protocols can also put your application security at risk.
您应该只从您的 HTTPS 应用程序通过 HTTPS 发出请求——没有其他解决方法,并且混合协议也会使您的应用程序安全面临风险。
回答by klugjo
Use an https endpoint for your Rest API, otherwise you will end up with mixed content
为您的 Rest API 使用 https 端点,否则您最终会得到混合内容
- HTTPS is important to protect both your site and your users from attack.
- Mixed content degrades the security and user experience of your HTTPS site.
- HTTPS 对于保护您的站点和用户免受攻击非常重要。
- 混合内容会降低 HTTPS 站点的安全性和用户体验。
