Chrome now blocking all jsonp requests from https to http?


Problem description

At some point recently Chrome has stopped showing data loaded via jsonp with the error

[blocked] The page at https://user.example.com/category/12345 ran insecure content from http://livedata.example.com/Data.svc/jsonp/GetData?category=12345&callback=_jsp&_1346417951424=.

It still works fine on all other browsers, and has been confirmed on several different computers running Chrome.

The only mention I've seen of this problem before is when the page was served from one of Google's own domains (a security feature for Google Apps I guess?), is this something that has been enabled on all domains now in a recent version of Chrome?

Ideally we don't want to have to enable https on our livedata subdomain because of the extra server load it would cause, the data is all publicly available so there's no pressing need to encrypt it.

Recommended answer

It definitely should block it - it's insecure and breaks the promise of HTTPS.

JSONP resource fetching is done by creating, pointing at the target, a
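The blocked load from the question, as an added example that is not part of the original post or answer: a small audit helper that classifies subresource loads the way the error message implies, treating a JSONP fetch as a script load. The function names, the `ACTIVE_KINDS` set and the sample loads are assumptions constructed for illustration, using the URLs quoted in the question.

```javascript
// Added example: names and sample loads are constructed for illustration.

// Subresource kinds whose response executes in, or restyles, the embedding page.
const ACTIVE_KINDS = new Set(["script", "stylesheet", "iframe", "xhr"]);

// Classify one subresource load relative to the page that requests it.
function classifyLoad(pageUrl, resourceUrl, kind) {
  const page = new URL(pageUrl);
  const res = new URL(resourceUrl, page); // also resolves "//host/path" and relative URLs
  if (page.protocol !== "https:" || res.protocol !== "http:") return "ok";
  // Passive content (images, media) is treated more leniently than active content.
  return ACTIVE_KINDS.has(kind) ? "mixed-active" : "mixed-passive";
}

// Build the src for a JSONP script load, refusing a cleartext endpoint on an
// HTTPS page. JSONP is always kind "script": the response body runs in the page.
function jsonpSrc(pageUrl, endpoint, params, callbackName) {
  const url = new URL(endpoint, pageUrl);
  for (const [k, v] of Object.entries(params)) url.searchParams.set(k, v);
  url.searchParams.set("callback", callbackName);
  if (classifyLoad(pageUrl, url.href, "script") !== "ok") {
    throw new Error("JSONP over http from an https page is mixed active content: " + url.href);
  }
  return url.href;
}

// Constructed audit input modelled on the URLs in the question.
const PAGE = "https://user.example.com/category/12345";
const LOADS = [
  { url: "http://livedata.example.com/Data.svc/jsonp/GetData?category=12345&callback=_jsp", kind: "script" },
  { url: "//livedata.example.com/Data.svc/jsonp/GetData?category=12345&callback=_jsp", kind: "script" },
  { url: "http://livedata.example.com/logo.png", kind: "image" },
];

// Attach a verdict to every load so the cleartext script loads stand out.
function audit(pageUrl, loads) {
  return loads.map((l) => ({ ...l, verdict: classifyLoad(pageUrl, l.url, l.kind) }));
}

for (const r of audit(PAGE, LOADS)) console.log(r.verdict.padEnd(13), r.kind.padEnd(7), r.url);
```

The protocol-relative form only passes because it resolves to https on an HTTPS page, so the data host must actually serve TLS for that load to succeed.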
