与鹈鹕混合的内容 [英] Mixed Content with Pelican

问题描述

TL; DR

TL;DR

我的鹈鹕博客通过HTTPS进行投放，但是由于混合内容"而无法加载CSS，即使它们出现在页面源中为HTTPS.

My Pelican blog is served through HTTPS but CSSs are not loaded because of "mixed content", even though they appear in the page source as HTTPS.

上下文

我在GitHub页面上托管了一个Pelican博客.我有一个自定义域的CNAME记录，指向该博客.

Context

I have a Pelican blog hosted on GitHub pages. I have a CNAME record for a custom domain to point to this blog.

我正在尝试通过HTTPS为该博客提供服务，这可能是

I'm trying to achieve serving this blog with HTTPS, which is possible with CloudFlare (GitHub support told me it's the only solution at the moment).

按照指示设置所有内容后，我可以安全地访问我的博客，但是CSS并未加载，因为它们表示为混合内容.

After setting everything as indicated, I can access my blog securely but CSSs are not loaded because they are indicated as mixed content.

但是，当我查看页面源代码时，所有CSS都应使用HTTPS(因为它是协议相对URL附带的):

However, when I look at the page source, all CSSs should be served with HTTPS (as it's included with protocol-relative URLs):

<head>
    <meta charset="utf-8">
    ...
    <link href="//nonatomiclabs.github.io/theme/css/ipython.css" rel="stylesheet">
    <link href="//nonatomiclabs.github.io/theme/css/bootstrap.min.css" rel="stylesheet">
    <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css" rel="stylesheet">
    <link href="//nonatomiclabs.github.io/theme/css/local.css" rel="stylesheet">
    <link href="//nonatomiclabs.github.io/theme/css/pygments.css" rel="stylesheet">
</head>

我曾尝试将Pelican SITEURL变量设置为//nonatomiclabs.github.io和https://nonatomiclabs.github.io，但这不会改变任何东西(因此问题不在于使用协议相对URL).

I have tried setting Pelican SITEURL variable to both //nonatomiclabs.github.io and https://nonatomiclabs.github.io and this does not change anything (so the problem is not due to the use of protocol-relative URLs).

CloudFlare还具有自动HTTPS重写"功能，该功能本来可以消除/减少混合内容的问题，但对我而言无济于事.

CloudFlare also has an "Automatic HTTPS Rewrites" feature which is supposed to get rid/reduce mixed content problems but does not help in my case.

1. 浏览器(至少包括Chrome和Safari)如何显示带有HTTPS或协议相对URL的页面源，但似乎不受欢迎?
2. 谁对这个问题负责"?鹈鹕，CloudFlare，浏览器等?
3. 如何解决问题?

---

如果需要查看代码:

---

If one needs to see the code:

• 可以在 https://nonatomiclabs.com
上访问该网站.
• 可以在 https://github.com/nonatomiclabs/nonatomiclabs中找到源代码. github.io
  • source分支包含鹈鹕源
  • master分支包含已发布的站点
  • the website is served at https://nonatomiclabs.com
  • the source code can be found at https://github.com/nonatomiclabs/nonatomiclabs.github.io
    • the source branch contains the Pelican source
    • the master branch contains the published site

    推荐答案

    回答您的问题:

    1. 很有可能不是浏览器不遵守HTTPS URL，而是域重定向导致未加密的HTTP链接.

    1. It's most likely not that browsers aren't respecting the HTTPS URLs, but that the domain re-direction is resulting in unencrypted HTTP links.

    GitHub页面，CloudFlare和关联的域重定向的某些组合最有可能是问题的原因.

    Some combination of GitHub Pages, CloudFlare, and associated domain re-direction is most likely the cause of the problem.

    可能的解决方案如下.

    首先，在您的https: ="nofollow noreferrer"> HTML 而不是依靠SITEURL设置来查看是否有任何更改.

    First, try explicitly prepending the static asset links with https: inside your HTML instead of relying on the SITEURL setting and see whether anything changes.

    第二，唯一失败的资源是那些以 https://nonatomiclabs.github.io 开头的资源> —似乎已将对该域的请求重定向到 https://www.nonatomiclabs.com ，并且重定向可能是导致此问题的原因.尝试使用不重定向的域.例如:

    Second, the only resources that are failing are those that begin with https://nonatomiclabs.github.io — it seems that requests to that domain are being re-directed to https://www.nonatomiclabs.com, and that re-direction could be the cause of the problem. Try using a domain that does not re-direct. For example:

    <link href="https://www.nonatomiclabs.com/theme/css/local.css" rel="stylesheet">
    [...]
    

    对于它的价值，对于我个人的 Justin Mayer 网站，我的base.html模板的CSS链接类似于<一个href ="https://github.com/nonatomiclabs/nonatomiclabs.github.io/blob/source/theme/templates/base.html#L10" rel ="nofollow noreferrer">您的.我在publishconf.py设置文件中将SITEURL设置设置为 https://justinmayer.com 输出中包含不产生混合内容警告的正确，完全合格的链接(即，不是相对协议的链接).

    For what it's worth, for my personal Justin Mayer site, my base.html template's CSS links look similar to yours. I set my SITEURL setting to https://justinmayer.com in my publishconf.py settings file, and the resulting output contains proper, fully-qualified links (i.e., not protocol-relative links) that do not yield mixed content warnings.

    顺便说一句，相对于协议的URL被视为反-模式，因为它们在无所不在的TLS世界中已经过时，尤其是

    As an aside, protocol-relative URLs are considered to be an anti-pattern, as they are essentially obsolete in a world of ubiquitous TLS, particularly when Google Chrome 68 marks all unencrypted HTTP requests as insecure this coming July.)

    作为另一个说明，有迹象表明 GitHub页面可能很快将支持HTTPS ，因此您最终可以在没有CloudFlare的情况下通过HTTPS服务您的网站.

    As another side note, there are indications that GitHub Pages might soon support HTTPS, so you may eventually be able to serve your site over HTTPS without CloudFlare.

    这篇关于与鹈鹕混合的内容的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！