为什么我突然收到“阻止加载混合活动内容”问题在Firefox? [英] Why am I suddenly getting a "Blocked loading mixed active content" issue in Firefox?
问题描述
<查看Firebug日志,报告了以下错误:
阻止加载混合活动内容http://代码.jquery.com / ui / 1.8.10 / themes / smoothness / jquery-ui.css
阻止加载混合活动内容http://ajax.aspnetcdn.com/ajax/jquery.ui/1.8.10 /jquery-ui.min.js`
没有被加载。
以上是什么意思,我该如何解决它?
我发现这篇博文清除了一些事情。引用最相关的位:
混合活动内容现在在Firefox 23中默认被阻止!
什么是混合内容?
然而,如果HTTPS页面包含HTTP内容,即使通过HTTPS提供主页面,攻击者也可以读取或修改HTTP部分。当HTTPS页面包含HTTP内容时,我们称该内容为混合。用户访问的网页只是部分加密的,因为有些内容是通过HTTP加密的。混合内容阻止程序阻止HTTPS页面上的某些HTTP请求。
当用户访问通过HTTP提供的页面时,他们的连接是开放的,用于窃听和中间人MITM)攻击。当用户访问通过HTTPS提供的页面时,他们与Web服务器的连接将通过SSL进行身份验证和加密,从而保护他们免受窃听者和MITM攻击。
在我的例子中,解决方法是简单地确保<$ c
< / code>包含如下内容(注意删除协议): link rel =stylesheethref =// code.jquery.com/ui/1.8.10/themes/smoothness/jquery-ui.csstype =text / css>
请注意,临时的修复是点击屏蔽地址栏的左上角,然后选择在此页面禁用保护,但由于显而易见的原因,建议不要使用 。 b
更新:此链接来自Firefox(Mozilla)支持页面在解释什么是混合内容也是有用的,正如在上面的段落中给出的那样,实际上提供了如何显示页面的细节:
< blockquote>
大多数网站将继续正常工作,不需要任何操作。
如果需要显示混合内容,您可以轻松地做到这一点:
点击地址栏中的盾牌图标Mixed Content Shield,然后从下拉菜单中选择禁用此页面上的保护。
$ b
地址栏中的图标将更改为橙色的警告三角形警告标识图标,以提醒您不安全的内容正在显示。
要恢复之前的操作(重新封锁混合内容),只需重新加载页面即可。
This morning, upon upgrading my Firefox browser to the latest version (from 22 to 23), some of the key aspects of my back office (website) stopped working.
Looking at the Firebug log, the following errors were being reported:
Blocked loading mixed active content "http://code.jquery.com/ui/1.8.10/themes/smoothness/jquery-ui.css"
Blocked loading mixed active content "http://ajax.aspnetcdn.com/ajax/jquery.ui/1.8.10/jquery-ui.min.js"`
among other errors caused by the latter of the two above not being loaded.
What does the above mean and how do I resolve it?
I found this blog post which cleared up a few things. To quote the most relevant bit:
Mixed Active Content is now blocked by default in Firefox 23!
What is Mixed Content?
When a user visits a page served over HTTP, their connection is open for eavesdropping and man-in-the-middle (MITM) attacks. When a user visits a page served over HTTPS, their connection with the web server is authenticated and encrypted with SSL and hence safeguarded from eavesdroppers and MITM attacks.However, if an HTTPS page includes HTTP content, the HTTP portion can be read or modified by attackers, even though the main page is served over HTTPS. When an HTTPS page has HTTP content, we call that content "mixed". The webpage that the user is visiting is only partially encrypted, since some of the content is retrieved unencrypted over HTTP. The Mixed Content Blocker blocks certain HTTP requests on HTTPS pages.
The resolution, in my case, was to simply ensure the jquery
includes were as follows (note the removal of the protocol):
<link rel="stylesheet" href="//code.jquery.com/ui/1.8.10/themes/smoothness/jquery-ui.css" type="text/css">
<script type="text/javascript" src="//ajax.aspnetcdn.com/ajax/jquery.ui/1.8.10/jquery-ui.min.js"></script>
Note that the temporary 'fix' is to click on the 'shield' icon in the top-left corner of the address bar and select 'Disable Protection on This Page', although this is not recommended for obvious reasons.
UPDATE: This link from the Firefox (Mozilla) support pages is also useful in explaining what constitutes mixed content and, as given in the above paragraph, does actually provide details of how to display the page regardless:
Most websites will continue to work normally without any action on your part.
If you need to allow the mixed content to be displayed, you can do that easily:
Click the shield icon Mixed Content Shield in the address bar and choose Disable Protection on This Page from the dropdown menu.
The icon in the address bar will change to an orange warning triangle Warning Identity Icon to remind you that insecure content is being displayed.
To revert the previous action (re-block mixed content), just reload the page.
这篇关于为什么我突然收到“阻止加载混合活动内容”问题在Firefox?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!