堆栈内存溢出
  简体   繁体   English

HTTPS页面解决方案下的HTTP内容

[英]HTTP content under HTTPS page solution

 原文  2013-09-10 16:05:33       javascript/ html/ http/ https

问题描述

I'm having a website which a part of HTML is loaded from external, in this part, they defined some resource such as javascript or css and these resources will be a part of my website (for stylesheet or javascript interaction) 我有一个网站,其HTML的一部分是从外部加载的,在这一部分中,他们定义了一些资源,例如javascript或css,这些资源将成为我的网站的一部分(用于样式表或javascript交互)

Unfortunately, my owned website is running under a HTTPS, and external part contains some resources under HTTP, it's not good practice because inside a HTTPS page, there are no insecure content allowed. 不幸的是,我拥有的网站在HTTPS下运行,并且外部部分包含HTTP下的某些资源,这不是一个好习惯,因为在HTTPS页面内,不允许有不安全的内容。 I don't have right to change everything in external to https, so I have to give a solution for this issue, something I was thinking about that is building an engine for parsing all external content, and change all links in http to valid URL, however there are several issues because I don't know what content contained within it. 我无权更改https外部的所有内容,因此我必须为该问题提供解决方案,我正在考虑的事情是构建一个用于解析所有外部内容的引擎,并将http中的所有链接更改为有效URL ,但是有几个问题,因为我不知道其中包含什么内容。

If you were me, what solution should be given? 如果您是我,应该给出什么解决方案?

1 个解决方案

解决方案1
 0  2013-09-10 16:11:34

Personally... I wouldn't use off-site content that i don't control on a page worthy of ssl-encryption (aka could be made malicious by a hacker or annoyed dev). 就个人而言...我不会使用我无法在值得ssl加密的页面上控制的异地内容(也可能会被黑客或恼火的开发人员所恶意化)。

However, if you must do it, then your only option is some sort proxy, that parses the off-site content before being loaded into your page. 但是,如果必须这样做,则唯一的选择是某种排序代理,该代理在将非现场内容加载到页面之前将其解析。 If it's static, or at least doesn't change on every request, you could cache it to improve load times and save parsing it on every request. 如果它是静态的,或者至少在每个请求上都没有改变,则可以对其进行缓存以缩短加载时间并保存对每个请求的解析。

That is of course assuming the off-site content cannot be made to use https anyway (can you just pass //offsite-com/script.js instead and the off-site content auto-detect whether to return any url's as https 这当然是假设场外内容无论如何都不能使用https(您可以只传递//offsite-com/script.js ,场外内容会自动检测是否以https返回任何网址)

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 从https页面链接到http内容 - Linking to http content from https page 在HTTPS页面中访问HTTP时出现“混合内容”错误 - “Mixed content” Error when accessing HTTP within HTTPS page 在 HTTPS 页面中运行 HTTP AJAX 操作时出现“混合内容被阻止” - "Mixed content blocked" when running an HTTP AJAX operation in an HTTPS page 未阻止从 HTTPS 页面到 HTTP(非 HTTPS)本地主机地址的混合内容请求 - Mixed-content request from HTTPS page to HTTP (non-HTTPS) localhost address not blocked HTTPS页面上的不安全内容 - Insecure content on HTTPS page 在https连接中加载的Http内容 - Http content loaded in https connection HTTPS页面中的HTTP iFrame空白 - HTTP iFrame blank in HTTPS page 添加 HTTP 链接到 SSL HTTPS 页面,而不会导致混合内容“不安全”错误 - Add a HTTP link to SSL HTTPS page without causing Mixed-Content “Not Secure” error 如何在http://页面中加载Signin https://页面 - How to Load a Signin https:// page in a http:// Page Heroku混合内容HTTPS / HTTP问题 - Heroku Mixed content HTTPS/HTTP issue
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM