来自不安全 CDN 的 JS/CSS 行为 [英] Behavior of JS/CSS from unsecured CDN

问题描述

在 https 页面中使用来自不安全 CDN 的 JS/CSS 时，

When using JS/CSS from unsecured CDN in https page,

A. 一些页面会阻止加载 js/css，并因 js 代码不足而导致运行时错误.

A. Some pages block loading js/css, and cause runtime error by short of js code.

B. 某些页面不会阻止加载 js/css，页面显示为完全不安全的内容.

B. Some pages do not block loading js/css, pages are shown as entirely insecure contents.

这些行为有什么区别?即使使用相同的浏览器(我在 Mac OS X 中使用 Chrome 51.0.2704.103(64 位))并看到相同的页面，行为有时也会改变......

What is the difference of these behaviors? Even if using same browser (I'm using Chrome 51.0.2704.103 (64-bit) in Mac OS X) and seeing same page, behavior changes sometimes...

index.html 的一些响应头是否可以控制这种行为?有人知道吗?

May some response headers of index.html or so control this behavior? Anyone know about this?

我朋友创建的页面https://cfn-iot-heatmap.herokuapp.com/，之前这个页面的行为就像A，内容全白了.在这种情况下，不安全的 CDN 内容是:

My friend create page https://cfn-iot-heatmap.herokuapp.com/, in before, this page's behavior was like A, contents are totally white out. In this case, insecure CDN contents are:

• https://cdn.leafletjs.com/leaflet-0.6.4/传单.js
• https://cdn.leafletjs.com/leaflet-0.6.4/传单.css

我得到了这个页面的源代码并部署到我的heroku存储库https://kinkyujitai.herokuapp.com/，它显示为B.但是奇怪的是，我部署了我的仓库后，朋友的仓库也像B一样工作，显示安全警告但显示.

I got source codes of this page and deployed to my heroku repository https://kinkyujitai.herokuapp.com/, it is shown like B. But curious, after I deployed my repository, friend's repository also works like B, showing security warning but shown.

很好奇，所以想知道这种现象的原因...

It is very curious, so I want to know the reason of this phenomena...

推荐答案

从安全 (https) 来源开始，您应该始终包含安全元素.

From a secure (https) origin, you should always include secure elements.

如果不这样做，浏览器可以阻止不安全的请求和/或删除安全性的视觉指示.

If you don't, browser can block insecure request and/or remove the visual indication of the security.

这篇关于来自不安全 CDN 的 JS/CSS 行为的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！