页面通过 HTTPS 加载但请求不安全的 XMLHttpRequest 端点 [英] Page loaded over HTTPS but requested an insecure XMLHttpRequest endpoint

问题描述

我有一个页面，上面有一些 D3 javascript.此页面位于 HTTPS 网站内，但证书是自签名的.

I have a page with some D3 javascript on. This page sits within a HTTPS website, but the certificate is self-signed.

当我加载页面时，我的 D3 可视化没有显示，并且出现错误:

When I load the page, my D3 visualisations do not show, and I get the error:

混合内容:'https://integration.jsite.com/data/vis' 已通过 HTTPS 加载，但请求了不安全的 XMLHttpRequest 端点 'http://integration.jsite.com/data/rdata.csv'.此请求已被阻止；内容必须通过 HTTPS 提供.

Mixed Content: The page at 'https://integration.jsite.com/data/vis' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://integration.jsite.com/data/rdata.csv'. This request has been blocked; the content must be served over HTTPS.

我做了一些研究，我发现 JavaScript 将使用与加载页面相同的协议进行调用.所以如果页面是通过 https 加载的，那么 rdata.csv 也应该通过 https 请求，而不是作为 http 请求.

I did some research and all I found what the JavaScript will make the call with the same protocol that the page was loaded. So if page was loaded via https then the rdata.csv should also have been requested via https, instead it is requested as http.

这是因为证书在服务器上是自签名的吗?除了安装真正的 SSL 证书，我还能做些什么来解决这个问题?

Is this because the certificate is self-signed on the server? What I can do to fix this, other than installing a real SSL certificate?

推荐答案

我能做些什么来解决这个问题(除了安装真正的 SSL 证书).

What I can do to fix this (other than installing a real SSL certificate).

你不能.

在https网页上，你只能向https网页发出AJAX请求(使用浏览器信任的证书，如果你使用自签名的，它对你的访问者不起作用)

On an https webpage you can only make AJAX request to https webpage (With a certificate trusted by the browser, if you use a self-signed one, it will not work for your visitors)

这篇关于页面通过 HTTPS 加载但请求不安全的 XMLHttpRequest 端点的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！