当我通过Ajax加载https页面时，出现了MixedContent，但浏览器仍然认为它是http [英] MixedContent when I'm loading https page through ajax, but browser still thinks it's http

问题描述

在网页上安装SSL证书后，我遇到的问题是，使用https服务的页面需要带有ajax的http端点.我正在使用矩形，并且将基本网址更改为具有https.

After Installing SSL Cert on a web page, I had the problem where the page served with https would require http endpoint with ajax. I'm using restangular, and I changed the base url to have https.

    var uri = location.protocol + "//" + location.host;
    RestangularProvider.setBaseUrl(uri);

有趣的是，当我在chrome开发人员工具中看到请求时，

The interesting part is that, when I see the request in the chrome developer tools i see

Request URL:https://theaddress.com/api/endpoint
Request Headers
Provisional headers are shown
Accept:application/json, text/plain, */*
Referer:https://theadress.com/somepage
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.93 Safari/537.36
X-Requested-With:XMLHttpRequest

所以请求应该是一个https，但是我仍然得到:

So the request should be an https one, yet I still get:

Mixed Content: The page at 'https://theaddress.com/somepage' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://theadress.com/api/endpoint'. This request has been blocked; the content must be served over HTTPS.

我还应该提到，这在生产服务器上发生，但是在我的本地测试中，使用包含https的基本URL后，它可以正常工作(我具有自签名的ssl cert).

Also I should mention, this happens on prod server, but on my local test it works fine ( I have self signed ssl cert ) after I have made it use base url that includes https.

可能是什么问题?

推荐答案

我刚刚花了4个小时尝试解决类似的问题.这是解决我的问题的方法:

I just spent a good 4 hours trying to fix a similar problem. Here's what solved mine:

摘要:在您的请求中添加结尾的"/"

Summary: add a trailing '/' to your request

我发现这篇文章对解决我的问题很有帮助.基本上，服务器不在乎是否以尾随"/"发送请求，因为如果不添加请求，服务器内部会路由到"/".但是，如果路由发生在内部(例如nginx将请求传递到本地进程)，则会获得http重定向，这会使您的请求失败.

I found this post useful in fixing my problem. Basically, the server doesn't care if you send your request with a trailing '/' or not, because it internally routes to '/' if you don't add it. However, if the routing is happening internally (e.g. nginx passing the request to a local process), you get an http redirect which will make your request fail.

这篇关于当我通过Ajax加载https页面时，出现了MixedContent，但浏览器仍然认为它是http的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！