SSL网站不会从其他域加载非SSL脚本 [英] SSL site won't load non-SSL scripts from other domain

问题描述

我有一个使用SSL(https而非http)的网站.我试图嵌入一个小部件，该小部件引用来自另一个域的文件(js，css).该其他域没有SSL(http代替https).结果，我得到一个net :: ERR_INSECURE_RESPONSE，并且该窗口小部件将不会加载.

I have a website with SSL (https instead of http). I am attempting to embed a widget that references files (js, css) from another domain. This other domain does not have SSL (http instead of https). As a result, I get an net::ERR_INSECURE_RESPONSE and the widget will not load.

如何告诉我的网站允许该小部件使用不安全的内容?

How can I tell my site to allow the insecure content used by the widget?

推荐答案

您不能告诉网站允许页面中的不安全内容，因为它不是阻止脚本访问的网站-而是浏览器.

You cannot tell a website to allow insecure content in the page as it is not the site that is blocking access to the scripts - it's the Browser.

使用SSL时，浏览器将连接的安全级别降至最低，并确保不会从页面建立未加密的连接.这将停止所有用于在请求中传输数据的未加密连接.

When using SSL the browser puts a minimum level of security on the connection and ensures that no unencrypted connections are being made from the page. This stops any unencrypted connections being used to transmit data in the requests.

要解决此问题，最简单的选择是自己将脚本托管在受SSL保护的域上.可能无法编辑窗口小部件，因此可能会使用本地托管的脚本，而不是非https站点中的脚本.

The simplest option I can think of to work around this is to host the scripts yourself on the domain that is secured by SSL. It may or may not be possible to edit the widget easily so it uses the locally hosted script instead of the ones from the non-https site.

这篇关于SSL网站不会从其他域加载非SSL脚本的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！