Web API错误-此请求已被阻止;内容必须通过HTTPS提供 [英] Web API Error - This request has been blocked; the content must be served over HTTPS
问题描述
我们已经在azure上部署了api,并尝试在用angular 5编写的Web应用程序中使用该API.但是,当我们尝试使用该API时,就会遇到错误.
We have deployed the api on azure and trying to consume in our web app written in angular 5. However when we try to consume the api we are getting following errors.
Chrome浏览器的内容混合:位于" https://somedevapp.azurewebsites上的页面.net/#/managesomething '已加载通过HTTPS,但是请求了不安全的XMLHttpRequest端点" http://admindevapp.azurewebsites.net/api/data/getdata ".这个请求已被阻止;内容必须通过HTTPS提供.
Chrome Mixed Content: The page at 'https://somedevapp.azurewebsites.net/#/managesomething' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://admindevapp.azurewebsites.net/api/data/getdata'. This request has been blocked; the content must be served over HTTPS.
Firefox 阻止加载混合的活动内容
Firefox Blocked loading mixed active content
此问题与CORS有关吗?如何解决此问题?
Is this issue related to CORS? How to resolve this issue?
对此有任何帮助!
推荐答案
如果您的Web应用程序如前所述是通过HTTP托管的,则它正在消耗的所有外部资源(CDN,脚本,CSS文件,API调用)还应该使用SSL并通过HTTP进行保护.想一想.如果您的应用程序反过来向API提出了不安全的请求,那将破坏您的应用程序安全的目的.
If your web app is being hosted over HTTPs as you've indicated, then all external resources it is consuming (CDN, scripts, CSS files, API calls) should also use SSL and be secured through HTTPs. Think about it. It would defeat the purpose of your app being secure, if your app was in turn making insecure requests to an API.
因此,您可以:
- 按照Chrome的建议,将您的API调用更改为使用HTTP(推荐)
- 使用HTTP代替HTTPs
-
将以下
meta标记添加到HTML中的< head>元素中:
- As Chrome suggests, change your API calls to use HTTPs (recommended)
- Use HTTP instead of HTTPs
Add the following
metatag to your<head>element in your HTML:
<元http-equiv ="Content-Security-Policy" content ="upgrade-insecure-requests">
More information about this can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests.
这篇关于Web API错误-此请求已被阻止;内容必须通过HTTPS提供的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
