使用Apache VirtualHost的Wordpress网站上的混合内容错误
[英]Mixed Content errors on Wordpress site with Apache VirtualHost
问题描述
I got Mixed Content errors on wordpress site, after I set up automatic redirection from http to https on apache. 
在apache上设置从http到https的自动重定向后,在wordpress网站上出现了混合内容错误。
Mixed Content: The page at 'https://example.example.com/' was loaded over HTTPS, but requested an insecure stylesheet http://example.example.com/wp-content/uploads/elementor/css/post-2612.css?ver=1481615259'. This request has been blocked; the content must be served over HTTPS
I want to know if the problem with my htaccess / virtualhost or maybe with the code, css, etc.. 我想知道我的htaccess / virtualhost还是代码,css等问题。
My htaccess code looks like this: 我的htaccess代码如下所示:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
My VirtualHost looks like this: 我的VirtualHost看起来像这样:
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L]
ServerName example.example.com
ServerAdmin hostmaster@example.com
DocumentRoot /mnt/data/html1
ErrorLog /mnt/data/html1/example.example.com_error.log
CustomLog /mnt/data/html1/example.example.com_access_log combined env=!dontlog
</VirtualHost>
<VirtualHost _default_:443>
SSLEngine on
RewriteEngine On
RewriteCond %{HTTPS} on
SSLCertificateFile /etc/httpd/sites-available/crt.crt
SSLCertificateKeyFile /etc/httpd/sites-available/pem.pem
ServerName example.example.com
DocumentRoot /mnt/data/html1
ErrorLog /mnt/data/html1/example.example.com_error.log
CustomLog /mnt/data/html1/example.example.com_access_log combined env=!dontlog
</VirtualHost>
<Directory "/mnt/data/html1">
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /mnt/data/html1/.htpasswd
Require valid-user
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
1 个解决方案
解决方案1
1 已采纳 2016-12-14 21:48:30
Tracking down and solving all mixed content issues can be annoying. 跟踪并解决所有混合内容问题可能很烦人。 Here's an excellent guide from google to methodically go through it. 这是google提供的有条理的指南,有条不紊地进行了介绍。 https://developers.google.com/web/fundamentals/security/prevent-mixed-content/fixing-mixed-content https://developers.google.com/web/fundamentals/security/prevent-mixed-content/fixing-mixed-content
personally i have been using cloudflare's auto rewrite system at DNS level, which is completely turnkey and an excellent trick for the lazy. 我个人一直在DNS级别使用cloudflare的自动重写系统,这完全是交钥匙的,对懒惰者来说是个绝妙的绝招。
Although chrome should identify the difference between content loaded via 3rd party (let's say you have JS vendor lib which is pulling in assets from somewhere, I understand this sometimes contributes to the warning, reviewing your network tab in browser will identify which outbound links are triggering the problem. 尽管chrome应该识别通过第三方加载的内容之间的差异(例如,您有JS供应商库,它正在从某处提取资产,但我知道这有时会引发警告,请在浏览器中查看网络标签,以找出触发了哪些出站链接问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.