如何准确判断哪些不安全项目导致浏览器警告混合安全项目和不安全项目? [英] How can you tell exactly what insecure items are causing a browser to warn about mixed secure and insecure items?
问题描述
在 Firefox 中,我查看我的网站并没有收到关于不安全混合内容的警告.
In Firefox, I view my site and get no warnings about insecure mixed content.
使用 FireBug,我可以看到每个请求都是 https
.
Using FireBug, I can see that every request is https
.
在 Chrome 中,我在地址栏中划掉了 https
.
In Chrome, I get the https
crossed out in the address bar.
我在 Chrome 中查看源代码,然后运行这个正则表达式 /http(?!s)/
但它发现的唯一内容是某些外部链接的 href
属性和文档类型和 http-equiv
元标记.
I viewed source in Chrome and then ran this regex /http(?!s)/
but the only things it found were the href
attributes for some external links and the doc type and http-equiv
meta tags.
使用 Chrome 的资源跟踪显示所有请求也是 https
.
Using Chrome's Resource Tracking revealed all requests were https
too.
这包括 Google Analytics、来自 Google CDN 的 jQuery 和 Facebook 之类的脚本.
This includes Google Analytics, jQuery from Google's CDN and Facebook like scripts.
是否有任何特定的工具可以用来显示非 https
请求,或者我可以进一步尝试的任何内容?
Is there any specific tool I can use to show non https
requests, or anything further I can try?
推荐答案
我发现即使没有混合内容,我也会在 Chrome 中收到混合内容"警告,如果某个时候域中已遇到会话混合内容.
I found that I get the "mixed content"-warning in Chrome even when there is no mixed content, if sometime during the session mixed content was already encountered on the domain.
(这里也提到:为什么 Chrome 会报告安全/非安全警告,而其他浏览器都没有?)
这篇关于如何准确判断哪些不安全项目导致浏览器警告混合安全项目和不安全项目?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!