在使用SSL的网站上通过HTTP加载外部JavaScript文件
[英]Loading external JavaScript files over HTTP on website that uses SSL
问题描述
What are potential drawbacks of loading an external widget over HTTP when my website is accessible over HTTPS ? 
通过HTTPS访问我的网站时,通过HTTP加载外部小部件有哪些潜在的缺点?
<!-- https://www.example.com -->
<script src="http://www.external-source.com/widget.js"></script>
Are any warnings going to be displayed to the user? 是否将任何警告显示给用户? Any way to suppress them? 有什么办法压制他们吗? Will this script be loaded in all times? 是否会一直加载该脚本?
EDIT: 编辑:
What happens when we load an external JS over HTTPS, but with non-commercial certificate? 当我们通过HTTPS加载具有非商业证书的外部JS时会发生什么? Will the warnings be shown? 会显示警告吗?
1 个解决方案
解决方案1
1 已采纳 2014-09-23 08:00:12
Loading a script with plain (insecure) http inside a secure (https) site completely defeats the security of the site. 在安全(https)网站内加载带有普通(不安全)http的脚本会完全破坏该网站的安全性。 Therefore most modern browsers will simply refuse to load the script without any warnings and without giving the user a way to enforce the loading. 因此,大多数现代浏览器会简单地拒绝加载脚本,而不会发出任何警告,也不会给用户提供执行加载的方法。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.