来自不同域的 SSL iframe 和 SSL 页面 [英] SSL iframe in and SSL page from a different domain

问题描述

为所有这些选项设置沙箱目前不可行.所以我呼吁社区寻求帮助.这是一个奇怪的问题，我只想知道什么会起作用(最重要的是在 ie 中)，什么不会.

Setting up the sandboxes for all these option is not feasible right now. So I am appealing to the community for help. This is a weird one and I just want to know what will work (most importantly in ie) and what wont.

1. 带有 iframe 的 Http 页面包含来自同一域的 https//否想法
2. 带有 iframe 的 Http 页面包含来自不同域的 https//不知道
3. 具有 iframe 的 Https 页面包含来自同一域的 https//不知道
4. 具有 iframe 的 Https 页面包含来自不同域的 https//不知道
5. 具有 iframe 的 Http 页面包含来自同一域的 http//I知道这行得通
6. 具有 iframe 的 Http 页面包含来自不同域的 http//我知道这行得通
7. 具有 iframe 的 Https 页面包含来自同一域的 http//怀疑这行不通
8. 具有 iframe 的 Https 页面包含来自不同域的 http//怀疑这行不通

为了更好的阅读；)

╔═════════════════════╦═══╦═══════════════╦══════════════════╦═══════════════════╗
║ Page with an iFrame ║ c ║ inside iFrame ║      domain      ║       works?      ║
╠══════════╦══════════╣ o ╠═══════╦═══════╬══════╦═══════════╬═══════════════════╣
║   http   ║   https  ║ n ║  http ║ https ║ same ║ different ║                   ║
╠══════════╬══════════╣ t ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║     X    ║          ║ a ║       ║   X   ║   X  ║           ║      no idea      ║
╠══════════╬══════════╣ i ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║     X    ║          ║ n ║       ║   X   ║      ║     X     ║      no idea      ║
╠══════════╬══════════╣ i ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║          ║     X    ║ n ║       ║   X   ║   X  ║           ║      no idea      ║
╠══════════╬══════════╣ g ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║          ║     X    ║   ║       ║   X   ║      ║     X     ║      no idea      ║
╠══════════╬══════════╣   ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║     X    ║          ║   ║   X   ║       ║   X  ║           ║ I know this works ║
╠══════════╬══════════╣   ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║     X    ║          ║   ║   X   ║       ║      ║     X     ║ I know this works ║
╠══════════╬══════════╣   ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║          ║     X    ║   ║   X   ║       ║   X  ║           ║  doubt this works ║
╠══════════╬══════════╣   ╠═══════╬═══════╬══════╬═══════════╬═══════════════════╣
║          ║     X    ║   ║   X   ║       ║      ║     X     ║  doubt this works ║
╚══════════╩══════════╩═══╩═══════╩═══════╩══════╩═══════════╩═══════════════════╝

请帮忙！提前致谢.

推荐答案

包含页面和 iframe 是否在同一个域中并不重要.

Whether the containing page and the iframe are on the same domain or not doesn't really matter.

• 使用 http:// URL 的 iframe 通过 http:// 提供的页面:工作正常.
• 页面通过 http:// 和 iframe 使用 https:// URL:工作正常，但是您将无法确保 iframe 的安全性.
• 通过 https:// 和 iframe 使用 http:// URL 提供的页面:将生成混合内容警告，从而引入潜在的安全风险，并且应该避免.
• 通过 https:// 和 iframe 提供的页面使用 https:// URL:工作正常.用户可能会发现很难检查 iframe 是否来自他们期望的站点.他们有效地信任包含页面做正确的事情(请参阅 3-D 安全问题).

• Page served over http:// with an iframe using an http:// URL: works fine.
• Page served over http:// with an iframe using an https:// URL: works fine, but you won't be able to ensure the security of the iframe.
• Page served over https:// with an iframe using an http:// URL: will generate mixed content warnings, thereby introducing a potential security risk, and should be avoided.
• Page served over https:// with an iframe using an https:// URL: works fine. The users may find it hard to check that the iframe comes from the site they expect. They effectively trust the containing page to do the right thing (see 3-D secure problem).

这篇关于来自不同域的 SSL iframe 和 SSL 页面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！