Web API 错误 - 此请求已被阻止;内容必须通过 HTTPS 提供 [英] Web API Error - This request has been blocked; the content must be served over HTTPS

查看:71
本文介绍了Web API 错误 - 此请求已被阻止;内容必须通过 HTTPS 提供的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我们已经在 azure 上部署了 api 并尝试在我们用 angular 5 编写的网络应用程序中使用.但是,当我们尝试使用 api 时,我们遇到了以下错误.

We have deployed the api on azure and trying to consume in our web app written in angular 5. However when we try to consume the api we are getting following errors.

Chrome 混合内容:位于 'https://somedevapp.azurewebsites 的页面.net/#/managesomething' 已加载通过 HTTPS,但请求了不安全的 XMLHttpRequest 端点'http://admindevapp.azurewebsites.net/api/data/getdata'.这个请求已被封锁;内容必须通过 HTTPS 提供.

Chrome Mixed Content: The page at 'https://somedevapp.azurewebsites.net/#/managesomething' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://admindevapp.azurewebsites.net/api/data/getdata'. This request has been blocked; the content must be served over HTTPS.

Firefox 阻止加载混合活动内容

Firefox Blocked loading mixed active content

这个问题是否与 CORS 相关?如何解决这个问题?

Is this issue related to CORS? How to resolve this issue?

对此的任何帮助表示赞赏!

Any help on this appreciated!

推荐答案

如果您的 Web 应用程序如您所指示的那样通过 HTTP 托管,那么它消耗的所有外部资源(CDN、脚本、CSS 文件、API 调用)还应该使用 SSL 并通过 HTTPs 进行保护.想想看.如果您的应用反过来向 API 发出不安全的请求,这将违背您应用安全的目的.

If your web app is being hosted over HTTPs as you've indicated, then all external resources it is consuming (CDN, scripts, CSS files, API calls) should also use SSL and be secured through HTTPs. Think about it. It would defeat the purpose of your app being secure, if your app was in turn making insecure requests to an API.

因此,您可以:

  1. 按照 Chrome 的建议,更改您的 API 调用以使用 HTTPS(推荐)
  2. 使用 HTTP 而不是 HTTPs
  3. 将以下 meta 标记添加到 HTML 中的 元素:

  1. As Chrome suggests, change your API calls to use HTTPs (recommended)
  2. Use HTTP instead of HTTPs
  3. Add the following meta tag to your <head> element in your HTML:

<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">

关于这方面的更多信息可以在这里找到:https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests.

More information about this can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests.

这篇关于Web API 错误 - 此请求已被阻止;内容必须通过 HTTPS 提供的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆