使用 javascript 检测混合内容
[英]Detect mixed content with javascript
问题描述
I'm looking for a way to detect (in javascript / angular) whether there is one or more mixed content issue in order to inform the users that this page uses http links instead of correct https ones.
我正在寻找一种方法来检测(在 javascript / angular 中)是否存在一个或多个混合内容问题,以便通知用户此页面使用 http 链接而不是正确的 https 链接。
It's a crucial feature, this project is only about user created content, and content not showing up because of https is regarded as a major failure if no information message is provided.这是一个很关键的特性,这个项目只是关于用户创建的内容,如果没有提供信息消息,因为https导致内容不显示被视为重大失败。
So far I stumbled on, iframe / Image load failure detection but this could also be numerous other issues (broken links, ...).到目前为止,我偶然发现了 iframe/图像加载失败检测,但这也可能是许多其他问题(断开的链接,...)。
Any ideas on the matter would be highly appreciated !对此事的任何想法将不胜感激!
1 个解决方案
解决方案1
1 2020-04-30 01:07:00
I just had the same issue, look at this document:我刚刚遇到了同样的问题,请查看此文档:
https://developers.google.com/web/fundamentals/security/prevent-mixed-content/fixing-mixed-content#content_security_policy https://developers.google.com/web/fundamentals/security/prevent-mixed-content/fixing-mixed-content#content_security_policy
It has very useful information, especially this is useful:它有非常有用的信息,尤其是这个很有用:
Content-Security-Policy-Report-Only: default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://example.com/reportingEndpoint
It took me a while to understand what it means, but basically it reads: don't allow to load urls of any kind that are not https, but allow inline scripts/styles and eval scripts in script blocks.我花了一段时间才理解它的含义,但基本上它是这样写的:不允许加载任何类型的非 https url,但允许在脚本块中使用内联脚本/样式和 eval 脚本。 Don't act on matches, just report them to this url不要对匹配项采取行动,只需将它们报告到此 url
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.