javascript [url] 上的页面在 chrome 中运行了来自 [url] 的不安全内容
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/18121258/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
The page at [url] ran insecure content from [url] in chrome
提问by Dinesh Nagar
When i open a link this shows following message in chrome [blocked] The page at https://www.loadmytrailer.com/beta/postload.phpran insecure content from http://code.jquery.com/ui/1.10.2/jquery-ui.js. but run fine in firefox.
当我打开一个链接时,这会在 chrome 中显示以下消息 [blocked] https://www.loadmytrailer.com/beta/postload.php上的页面运行了来自http://code.jquery.com/ui/1.10 的不安全内容。 2/jquery-ui.js。但在 Firefox 中运行良好。
[I googled it and found that when your site run on Secure SSL then it blocked some insecure content from external http sources. ]
[我用谷歌搜索,发现当您的网站在安全 SSL 上运行时,它会阻止来自外部 http 源的一些不安全内容。]
So i want to loads these insecure content anyway in chrome Please guys help me .
所以我想在 chrome 中加载这些不安全的内容请大家帮帮我。
回答by Lixas
You can use protocol-relative URLs.The browser will use the page's protocol to try to obtain the file. On non-secure pages- http. On secure pages it will use https.
您可以使用与协议相关的 URL。浏览器将使用页面的协议来尝试获取文件。在非安全页面上 - http。在安全页面上,它将使用 https。
For example, instead of:
例如,而不是:
http://code.jquery.com/ui/1.10.2/jquery-ui.js
...you can use:
...您可以使用:
//code.jquery.com/ui/1.10.2/jquery-ui.js
! notice absence of protocol
!通知没有协议
回答by thpl
That's impossible. Chrome's security policy won't allow that.
这不可能。Chrome 的安全政策不允许这样做。
Option 1:
选项1:
Host the javascript you want to load remotely by yourself and link to it relatively.
自行托管您要远程加载的 javascript 并相对链接到它。
<script type="text/javascript" src="/my/assets/js/jquery/1.10.2/jquery.min.js"></script>
Requesting a resource on your own server is protocol-independent
在您自己的服务器上请求资源与协议无关
Option 2:
选项 2:
Use CDN's that support SSL. (Google for example)
使用支持 SSL 的 CDN。(例如谷歌)
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>
A relative protocol notation can be used to request the source with the proper protocol depending on the protocol the current resource is using (see above).
根据当前资源正在使用的协议(见上文),相关协议符号可用于请求具有适当协议的源。
Side Note
边注
There is a command line parameter for Chrome called "-allow-running-insecure-content", which skips the insecure content check.
Chrome 有一个名为“-allow-running-insecure-content”的命令行参数,它跳过不安全的内容检查。
I highly advise not to use it because you can't expect your users to have set that parameter.
我强烈建议不要使用它,因为您不能指望您的用户设置了该参数。
Further Reading
进一步阅读
回答by srj
For testing purposes, you could activate loading of insecure content by clicking the "shield" icon which would appear on the address bar in chrome.
出于测试目的,您可以通过单击 chrome 地址栏中出现的“盾牌”图标来激活不安全内容的加载。
回答by Dan Fox
You could try hosting jquery-ui.json your own server, assuming you control loadmytrailer.com.
您可以尝试jquery-ui.js在自己的服务器上托管,假设您控制了 loadmytrailer.com。
That way, it will be delivered to visitors over SSL, and their browsers will be happy that all content has arrived securely.
这样,它将通过 SSL 传送给访问者,他们的浏览器会很高兴所有内容都已安全到达。
回答by Marek
jquery ui is available also on https: https://code.jquery.com/ui/1.10.2/jquery-ui.js
jquery ui 也可在 https 上使用:https: //code.jquery.com/ui/1.10.2/jquery-ui.js
Link to https version if on https connection. Or host the file yourself.
如果使用 https 连接,则链接到 https 版本。或者自己托管文件。
