JHipster Nginx HTTPS This page is trying to load scripts from unauthenticated sources

Problem description

To make my story short, here is the error message shown (in the Chromium console):

Mixed Content: The page at 'https://example.com/#/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://example.com/login'. This request has been blocked; the content must be served over HTTPS.

And you see this message if you click the security icon (in the Chromium address bar):

To investigate this further, I noticed that on the page load event we do have a request to the /api/account secure end-point, and since first-time visitors are not usually authenticated, this request will get redirected to the /login path (somewhere?), but over HTTP and not HTTPS, which would be the desired behaviour in my case.

I suspect that this is because I use my JHipster application behind a reverse proxy, and my reverse proxy is responsible for serving requests over HTTPS. In other words, my JHipster application doesn't know that we are using HTTPS.

I also tried to debug my client-side code to see if I could override this behaviour, but I noticed this redirect is not triggered from either auth-expired.interceptor.ts or errorhandler.interceptor.ts.

So more likely this redirect is happening from my server-side code and maybe could be overridden by changing a Spring Security config?

Thank you JHipsters! :-)

Recommended answer

Set server.use-forward-headers: true in your application.yml. Make sure your proxy server is also configured to add X-Forwarded-For and X-Forwarded-Proto headers. For Nginx, you can add proxy_set_header X-Forwarded-Proto $scheme; in the location section. This will fix your 302 redirects which are built from the proxy headers.

This is described in the Spring Boot docs for running behind a proxy server; there was also a related GitHub issue.
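
The proxy side of this fix, as an added example that is not part of the original answer: a minimal Nginx configuration that terminates TLS and tells the application which scheme the client used. The certificate paths and the upstream address 127.0.0.1:8080 are assumptions.

```nginx
# Constructed example: certificate paths and the upstream address are
# placeholders, not values from the original question or answer.

server {
    listen 80;
    server_name example.com;
    # Plain-HTTP visitors are sent to HTTPS before anything reaches the app.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/nginx/tls/example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/example.com.key;   # placeholder path

    location / {
        # JHipster application, assumed to listen on loopback only.
        proxy_pass http://127.0.0.1:8080;

        # Keep the public host name so redirects are built for example.com.
        proxy_set_header Host $host;

        # proxy_set_header replaces whatever X-Forwarded-Proto the client sent,
        # so the application sees the scheme Nginx observed ("https" here).
        proxy_set_header X-Forwarded-Proto $scheme;

        # $proxy_add_x_forwarded_for appends the client address to any
        # client-supplied X-Forwarded-For value; only the last entry is
        # one that Nginx itself vouches for.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

# Matching application.yml entry from the answer:
#   server:
#     use-forward-headers: true
# Spring Boot 2.2 and later deprecate that property in favour of
# server.forward-headers-strategy (values: native, framework, none).
```

Once the application trusts these headers, the backend port should be reachable only from the proxy; a client that can connect to it directly can set X-Forwarded-Proto itself.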
