将混合内容重定向到HTTPS的正确htaccess规则是什么 [英] What's correct htaccess rule to redirect mixed content to HTTPS

问题描述

是否存在htaccess重定向条件并重定向以捕获通过HTTPS访问站点时通过HTTP调用的内容？

Is there a way with htaccess redirect conditions and redirects to catch content called over HTTP when the site is accessed via HTTPS?

这样HTTP内容将被重定向到

Such that http content will be redirected to the https equivalent url if the site is accessed over HTTPS?

本质上，我想通过HTTPS访问我的网站时自动删除和处理混合内容的方式是https等效的url。

Essentially I'd like a automated way to mop up and deal with mixed content when my site is accessed via HTTPS.

到目前为止，以下内容修复了通过HTTPS访问站点时通过HTTP调用的所有.css和.js文件。

So far the following fixed all .css and .js files being called over HTTP when site is accessed through HTTPS.

RewriteRule ^/(.*):SSL$   https://%{SERVER_NAME}/$1 [R,L]
RewriteRule ^/(.*):NOSSL$ http://%{SERVER_NAME}/$1 [R,L]

但是出于某些原因这不会重定向在HTTPS会话中通过HTTP调用我网站上的图像请求（例如）。

But for some reason this does not redirect requests for images (for instance) on my site being called through HTTP during an HTTPS session.

我也尝试了此规则，

RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

但这也没有重定向图像。

but that didn't redirect the images either.

我认为必须有一种方法来测试连接是否通过HTTPS，然后将任何http：// URL重写为等效的https：//。我只是不确定如何正确制定规则。

I figure there must be a way to test if connection is over HTTPS, then rewrite any http:// urls to an https:// equivalent. I am just not sure how to formula the rules correctly.

推荐答案

这不起作用。

浏览器将看到http请求，并将页面标记为包含不安全的内容。正确的做法是，请求将通过http发出，然后重定向到https。因此，它是不安全的。

The browser will see the http request and mark the page as containing insecure content. And rightly so as the request will be made over http, and then redirected to https. So it is insecure because of that.

您要做的就是使用Content-Security-Policy要求网络浏览器更新加载页面时请求

What you want to do is use Content-Security-Policy to ask the web browser to update the request when it loads the page

Header always set Content-Security-Policy: upgrade-insecure-requests

有关更多信息，请参见此处： https://www.w3.org/TR/upgrade-insecure-requests/

See here for more info: https://www.w3.org/TR/upgrade-insecure-requests/

注意浏览器支持为为此混合使用： http://caniuse.com/#search=upgrade%20insecure

Note browser support is mixed for this: http://caniuse.com/#search=upgrade%20insecure

这篇关于将混合内容重定向到HTTPS的正确htaccess规则是什么的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！