在https javascript中加载http javascript [英] loading http javascript in https javascript

问题描述

我有一个Web应用程序，该应用程序具有根html，该html(例如index.html)加载了一些Java脚本.该应用程序可通过https访问，我想加载一个通过http公开的Java脚本.

I have a web application which has root html and this html (say index.html) loads some java script. This application is accessible through https and I want to load one java script which is exposed over http.

https://mydomain/index.html包含以下代码行:

<script src="http://unsecure/custom.js" type="text/javascript"/>

当我尝试通过IDE来运行我的应用程序时，一切正常，但是当我将应用程序捆绑在war文件中并运行它时，会发生问题. 它无法通过说出以下内容来加载包含的Java脚本:

When I try to run my application thorugh IDE everything works fine but problem happens when I bundle my application in war file and run it. It fails to load the included java script by saying:

[已阻止]位于https://mydomain/的页面运行了来自http://unsecure/custom.js的不安全内容.

[blocked] The page at https: //mydomain/ ran insecure content from http: //unsecure/custom.js.

是否有任何方法可以加载此不安全的javascript，或者我需要通过安全的方式发布此不安全的javascript，然后对其进行访问(可以将此包含的Java脚本协议从http更改为https)吗?

Is there any way to load this unsecure javascript or do I need to publish this unsecure javascript through a secure way and then access it (can change this included java script protocol from http to https)?

推荐答案

通过HTTPS访问的网站使用的所有内容也必须使用HTTPS，否则将收到此警告.

All content which is used by a site, which is accessed through HTTPS, must use HTTPS as well, otherwise you get this warning.

这样做的原因:如果不是HTTPS站点的所有内容都是HTTPS，则浏览器无法判断该站点是安全的"，因此会向用户发出警告.

The reason for this: If not all content of a HTTPS site is HTTPS, the browser can't tell that the site is "secure" and therefore gives the user a warning.

这篇关于在https javascript中加载http javascript的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！