如何在Java Web应用程序中修复JSP重定向中的HTTPS-HTTP混合内容错误 [英] How to fix HTTPS-HTTP mixed content error in JSP redirection in a java web application
问题描述
我正在使用DNS URL(https),这是Weblogic服务器中托管的Web应用程序的负载平衡器URL.当我点击chrome中的网址时,我可以成功登录.然后,当我尝试单击页面上的某个按钮时,例如说一些视图/编辑按钮,则没有响应.当我调试时,我发现它是由于chrome中的混合内容问题所致.是的,我在IE和Firefox中均不会遇到任何问题.
I am using a DNS url (https) which is a load balancer url for my web application which is hosted in Weblogic server. When I hit the url in chrome and I can do a successful login. Then when I am trying to click on some button from the page , say some view/edit button, there is no response. When I debugged I found it is due to mixed content issue in chrome. Yes I don't face any issue in IE and Firefox for the same.
当我使用原始http网址代替DNS网址时,我没有任何问题.
When I am using the raw http url in stead of the DNS url, I have no issues.
现在,我想在我的jsp本身中解决此问题.但是我不确定我需要进行的代码更改.
Now, I want to fix this issue in my jsp itself. But I am not sure about the code changes that I need to make.
以下是我从网络跟踪获得的URL:
Following are the URLs that I get from network trace :
Console URL : https://dns-host/myapp/console.jsp
Request URL : https://dns-host/myapp/editWorkSelector.jsp?workid=1234©work=view
Referer : https://dns-host/myapp/workDataScr.jsp?workname=null
Location : http://dns-host/myapp/workView.jsp
我正在尝试使用我的代码访问workView.jsp.在这里,我遇到了问题,无法转到页面.
I am trying to go to workView.jsp in my code. Here I face the issue and unable to go to the page.
这是示例代码:
文件:workDataScr.jsp
File : workDataScr.jsp
<td align="center" bgcolor="<%=bgcolor%>">
<a href="editWorkSelector.jsp?workid=<%=id%>©work=view"
onClick="return checkForSystem(this.form,'<%=id%>','<%=type%>','<%=role%>')">VIEW
</a>
</td>
function checkForSystem(form,workid,worktype,role){
form = document.forms[1];
form.action="editWorkSelector.jsp?workid="+workid+"&type="+worktype;
form.submit();
}
文件:editWorkSelector.jsp
File : editWorkSelector.jsp
String workid = request.getParameter("workid");
String copy = (String)request.getParameter("copywork");
String workname = (String)request.getParameter("workname");
WorkData work = workBean.getWork(workid);
response.sendRedirect("workView.jsp");
这就是问题所在,由于内容混合,代码流无法到达workView.jsp.
Here lies the issue, due to mixed content the code flow is unable to reach workView.jsp.
错误:
Mixed Content: The page at 'https://dns-host/myapp/console.jsp' was loaded over HTTPS,
but requested an insecure resource 'http://dns-host/myapp/workView.jsp'.
This request has been blocked; the content must be served over HTTPS.
enter code here
了解如何在我的代码中解决此问题将非常有帮助.
It will be very helpful to know how to fix this issue in my code.
推荐答案
在执行以下行之前,我们需要在适当的条件下重定向请求.
We need to redirect the request on conditions properly before executing the below line.
response.sendRedirect("workView.jsp");
保持如下所示的架构/引荐来源:
Hold the schema/referrer like below :
String scheme = request.getScheme();
String referer = request.getHeader("referer");
最好使用引荐来源网址,因为架构并不总是能够提供所需的结果.您可以在控制台调试器中检查该值.
It is better to use referrer because schema doesn't always give the desired result. You can check the value in console debugger.
然后在这样的条件下执行重定向:
Then execute the redirect on condition like this :
String servername = request.getServerName();
String scheme = request.getScheme();
String referer = request.getHeader("referer");
if(referer.startsWith("https")) {
response.sendRedirect("https://" + servername + "/context-root/" + "workView.jsp");
}else{
response.sendRedirect("workView.jsp");
}
这篇关于如何在Java Web应用程序中修复JSP重定向中的HTTPS-HTTP混合内容错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
