为什么我突然收到“阻止加载混合活动内容"?Firefox 中的问题? [英] Why am I suddenly getting a "Blocked loading mixed active content" issue in Firefox?
问题描述
今天早上,在将我的 Firefox 浏览器升级到最新版本(从 22 到 23)后,我的后台(网站)的一些关键方面停止工作.
This morning, upon upgrading my Firefox browser to the latest version (from 22 to 23), some of the key aspects of my back office (website) stopped working.
查看 Firebug 日志,报告了以下错误:
Looking at the Firebug log, the following errors were being reported:
Blocked loading mixed active content "http://code.jquery.com/ui/1.8.10/themes/smoothness/jquery-ui.css"
Blocked loading mixed active content "http://ajax.aspnetcdn.com/ajax/jquery.ui/1.8.10/jquery-ui.min.js"`
由于上述两个中的后者未加载而导致的其他错误.
among other errors caused by the latter of the two above not being loaded.
以上是什么意思,我该如何解决?
What does the above mean and how do I resolve it?
推荐答案
我发现 这篇博文 澄清了一些事情.引用最相关的部分:
I found this blog post which cleared up a few things. To quote the most relevant bit:
现在在 Firefox 23 中默认阻止混合活动内容!
Mixed Active Content is now blocked by default in Firefox 23!
什么是混合内容?
当用户访问通过 HTTP 提供的页面时,他们的连接会打开以进行窃听和中间人 (MITM) 攻击.当用户访问通过 HTTPS 提供的页面时,他们与网络服务器的连接会通过 SSL 进行身份验证和加密,从而防止窃听和 MITM 攻击.
What is Mixed Content?
When a user visits a page served over HTTP, their connection is open for eavesdropping and man-in-the-middle (MITM) attacks. When a user visits a page served over HTTPS, their connection with the web server is authenticated and encrypted with SSL and hence safeguarded from eavesdroppers and MITM attacks.
但是,如果 HTTPS 页面包含 HTTP 内容,则攻击者可以读取或修改 HTTP 部分,即使主页是通过 HTTPS 提供的.当 HTTPS 页面包含 HTTP 内容时,我们称该内容为混合".用户正在访问的网页只是部分加密,因为某些内容是通过 HTTP 未加密检索的.混合内容拦截器会阻止 HTTPS 页面上的某些 HTTP 请求.
However, if an HTTPS page includes HTTP content, the HTTP portion can be read or modified by attackers, even though the main page is served over HTTPS. When an HTTPS page has HTTP content, we call that content "mixed". The webpage that the user is visiting is only partially encrypted, since some of the content is retrieved unencrypted over HTTP. The Mixed Content Blocker blocks certain HTTP requests on HTTPS pages.
就我而言,解决方案是简单地确保 jquery 包含如下(注意删除了协议):
The resolution, in my case, was to simply ensure the jquery includes were as follows (note the removal of the protocol):
<link rel="stylesheet" href="//code.jquery.com/ui/1.8.10/themes/smoothness/jquery-ui.css" type="text/css">
<script type="text/javascript" src="//ajax.aspnetcdn.com/ajax/jquery.ui/1.8.10/jquery-ui.min.js"></script>
请注意,临时修复"是单击地址栏左上角的盾牌"图标并选择禁用此页面上的保护",尽管这不是 出于明显原因推荐.
Note that the temporary 'fix' is to click on the 'shield' icon in the top-left corner of the address bar and select 'Disable Protection on This Page', although this is not recommended for obvious reasons.
更新:此链接 来自 Firefox (Mozilla) 支持页面的内容也有助于解释混合内容的构成,如上段所述,它实际上提供了如何显示页面的详细信息:
UPDATE: This link from the Firefox (Mozilla) support pages is also useful in explaining what constitutes mixed content and, as given in the above paragraph, does actually provide details of how to display the page regardless:
大多数网站将继续正常运行,无需您采取任何行动.
Most websites will continue to work normally without any action on your part.
如果您需要允许显示混合内容,您可以轻松实现:
If you need to allow the mixed content to be displayed, you can do that easily:
点击地址栏中的屏蔽图标 Mixed Content Shield,然后从下拉菜单中选择禁用此页面上的保护.
Click the shield icon Mixed Content Shield in the address bar and choose Disable Protection on This Page from the dropdown menu.
地址栏中的图标将变为橙色警告三角形警告标识图标,以提醒您正在显示不安全的内容.
The icon in the address bar will change to an orange warning triangle Warning Identity Icon to remind you that insecure content is being displayed.
要恢复之前的操作(重新阻止混合内容),只需重新加载页面.
To revert the previous action (re-block mixed content), just reload the page.
这篇关于为什么我突然收到“阻止加载混合活动内容"?Firefox 中的问题?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
