在 https 网站上加载 http 内容 [英] Loading http content on https website

问题描述

我正在考虑使用 https 的网站架构.我现在有一个 CDN 服务器托管图像、css 和更多静态文件.

I'm thinking about my website architecture that's using https.. I now have a CDN server hosting images , css and more static files.

网站本身使用 HTTPS 来保护敏感的客户数据.使用静态图像，例如在网站https://www.example.com"上加载的http://cdn.example.com/images/test.jpg"会弹出加载不安全数据"消息吗?

The website itself is using HTTPS for securing sensitive costumer data. Will using the static images , loaded by for example 'http://cdn.example.com/images/test.jpg' on a website 'https://www.example.com' popup a "Loading insecure data" message?

因此在安全网站上加载外部不安全数据.这会导致弹出警告正在加载不安全的数据，继续吗?"?

So loading external NOT SECURED data on a SECURED website. Will this be causing a popup warning "Loading insecure data, continue?"?

谢谢！

推荐答案

是.

如果页面是通过 HTTPS 加载的，那么它使用的每个资源也应该通过 HTTPS 加载.

If a page is loaded over HTTPS then every resource it uses should also be loaded over HTTPS.

否则，中间人可能会将图像替换为具有误导性的图像(或利用浏览器中的缓冲区溢出问题来执行代码的图像)，并将脚本替换为执行不同操作的脚本(例如将数据泄露给第三方).

Otherwise a man-in-the-middle could replace images with misleading ones (or ones that exploit buffer overflow issues in browsers to execute code) and scripts with ones that do different things (such as leak data to the third party).

这篇关于在 https 网站上加载 http 内容的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！