
Mixed content issue of Chrome facing on WebSphere Portal content

We are working with WebSphere Portal and currently dealing with a Chrome mixed content issue:

Mixed Content: The site at 'https://tgcs551.commerce.toshiba.com/' was loaded over a secure connection, but the file at 'http://tgcs04.toshibacommerce.com/cs/groups/internet/documents/document/bl82/mtqw/~edisp/tcxtu_win_614014x.zip?_ga=2.95374741.800005762.1609132621-1301842396.1608820702' was redirected through an insecure connection. This file should be served over HTTPS. This download has been blocked. See https://blog.chromium.org/2020/02/protecting-users-from-insecure.html for more details.

We tried the below meta data in our static theme also.

But we did not get any success.

Then we tried to write a Content-Security-Policy in the httpd.conf file of the HTTP server of our WebSphere Portal.

  1. Header always set Content-Security-Policy "upgrade-insecure-requests;"
  2. Header set Content-Security-Policy "default-src https://tgcs04.toshibacommerce.com; child-src 'none'; object-src 'none'"
  3. Header set Content-Security-Policy "default-src 'none'; img-src 'self'; script-src 'self' http://tgcs04.toshibacommerce.com; style-src 'self'"

But we did not get any success, and finally we realised by checking logs that the request for http://tgcs04.toshibacommerce.com is not going to the HTTP server.

We already have an SSL certified website also. We can't move to https.

Can anyone help us with this solution?

Mixed Content: The site at 'https://tgcs551.commerce.toshiba.com/' was loaded over a secure connection, but...

Just curious, how do you load https://tgcs551.commerce.toshiba.com via https: with an invalid cert?

If you are unable to change http://tgcs04.toshibacommerce.com/cs/... to the https: in the HTML code, the Header always set Content-Security-Policy "upgrade-insecure-requests;" should help. But I do not see any Content-Security-Policy in the response header.

Of course, the CSP header should be published on the download page (I do not know its URL), but none of https://tgcs04.toshibacommerce.com/cs/ , http://tgcs04.toshibacommerce.com/cs/groups/internet/ , etc. have a CSP header.

Also a weird thing: http://tgcs04.toshibacommerce.com/ redirects to httpS://tgcs04.toshibacommerce.com/ , http://tgcs04.toshibacommerce.com/cs/groups/ redirects to https: too. But http://tgcs04.toshibacommerce.com/cs/groups/internet/... already does not have a redirect.
Also all the URLs above redirect to the login page, but a direct download of http://tgcs04.toshibacommerce.com/cs/groups/internet/documents/document/bl82/mtqw/~edisp/tcxtu_win_614014x.zip is possible without auth. Was it intended so?

Fix the SSL certs (maybe it's better to generate a wildcard cert *.toshibacommerce.com) and make the CSP header be published.
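
The two checks the answer does by hand, written as an added example (not code from the original post): it lists the non-HTTPS hops in a download's redirect chain and reports whether the page that links to the file sends a CSP containing upgrade-insecure-requests. The hosts, headers and function names are constructed placeholders.

```python
from urllib.parse import urlsplit

def parse_csp(headers):
    """Return one {directive: [values]} dict per policy found in the headers."""
    policies = []
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue
        for policy_text in value.split(","):   # one header may carry several policies
            policy = {}
            for part in policy_text.split(";"):
                tokens = part.split()
                if tokens:
                    # The first occurrence of a directive wins; later ones are ignored.
                    policy.setdefault(tokens[0].lower(), tokens[1:])
            if policy:
                policies.append(policy)
    return policies

def sends_upgrade_directive(headers):
    return any("upgrade-insecure-requests" in p for p in parse_csp(headers))

def insecure_hops(chain):
    """URLs in a download redirect chain that are not fetched over HTTPS."""
    return [u for u in chain if urlsplit(u).scheme.lower() != "https"]

def audit_download(page_url, page_headers, chain):
    secure_page = urlsplit(page_url).scheme.lower() == "https"
    bad = insecure_hops(chain)
    return {
        "mixed_download": secure_page and bool(bad),
        "insecure_hops": bad,
        "page_sends_upgrade_directive": sends_upgrade_directive(page_headers),
    }

# Constructed sample data (placeholder hosts, not captured from the sites above).
PAGE_URL = "https://portal.example/downloads"
PAGE_HEADERS = [("Content-Type", "text/html"), ("X-Frame-Options", "SAMEORIGIN")]
CHAIN = ["http://files.example/cs/groups/pkg.zip", "https://files.example/cs/groups/pkg.zip"]

if __name__ == "__main__":
    print(audit_download(PAGE_URL, PAGE_HEADERS, CHAIN))
    fixed = PAGE_HEADERS + [("Content-Security-Policy", "upgrade-insecure-requests;")]
    print(audit_download(PAGE_URL, fixed, CHAIN)["page_sends_upgrade_directive"])
```

Feed it the response headers of the page that carries the download link, not those of the file server, since that is where the answer says the header has to appear.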
