iframe被屏蔽为不安全的内容，即使iframe是HTTPS [英] iframe blocked as insecure content, even though the iframe is HTTPS

问题描述

我试图在HTTPS网页上嵌入iframe（包含 shellinabox ，如果相关的话）。我用来嵌入iframe的HTML非常简单：

 < div class =jumbotronstyle =min -height：400px;> 
 
< iframe src =https://example.com/shellinaboxstyle =border：none; min-height：400px;宽度= 100％ >< / iframe中> 
< / div> 
  

然而，Chrome会阻止iframe加载，因为它是不安全的内容，我必须手动解除它的工作。 Chrome控制台报告如下错误：

 混合内容：此页面位于https://example.com/mainpage/ '通过HTTPS加载，但请求了不安全的资源'http://example.com/shellinabox/'。此请求已被阻止;内容必须通过HTTPS提供。 
  

我对此感到困惑，因为我的HTML代码显然是嵌入了HTTPS版本的 example.com/shellinabox 。此外，当我直接访问 https://example.com/shellinabox 时，锁定图标为绿色，没有任何内容被阻止，并且没有任何SSL问题的迹象表明我也在Firefox，IE和MS边缘测试了这一点，它们都有相同的行为（所以它不是特定于Chrome的问题）。什么给了？

解决方案

这是一个老问题，但我遇到了同样的问题。我的使用案例与您的使用案例略有不同，但希望这会有所帮助。

对我而言，我的python flask服务器上的路由以/字符结尾。在我的iframe中，我在src结尾调用了没有斜杠的路由，并且看到了同样的错误。

 < iframe src =https：//示例.com / shellinabox /style =border：none; min-height：400px;宽度= 100％ >< / iframe中> 
  

我不完全确定为什么在src属性结尾处缺少斜线会导致此错误。如果有人能解释为什么，我会很乐意更新我的答案。

I am trying to embed an iframe (containing shellinabox, if that's relevant) onto an HTTPS webpage. The HTML I'm using to embed the iframe is pretty straightforward:

<div class="jumbotron" style="min-height: 400px;">

    <iframe src="https://example.com/shellinabox" style="border:none; min-height: 400px;" width="100%"></iframe>
</div>

However, Chrome blocks the iframe from loading because it is "insecure content," and I have to manually unblock it for it to work. The Chrome console reports an error like this:

Mixed Content: The page at 'https://example.com/mainpage/' was loaded over HTTPS, but requested an insecure resource 'http://example.com/shellinabox/'. This request has been blocked; the content must be served over HTTPS.

I am confused by this because clearly my HTML code is embedding the HTTPS version of example.com/shellinabox. Moreover, when I visit https://example.com/shellinabox directly, the lock icon is green, nothing is blocked, and there are no indications of any SSL problems on that page.

I also tested this in Firefox, IE, and MS edge, and they all have the same behavior (so it's not a Chrome-specific issue). What gives?

解决方案

This is an old question but I encountered the same issue. My use case is slighty different to yours, but hopefully this helps.

For me, my route on my python flask server ended with the "/" character. In my iframe, I was calling the route without the slash at the end of the src and was seeing the same error. Adding a slash to the src in the iframe did the trick for me.

<iframe src="https://example.com/shellinabox/" style="border:none; min-height: 400px;" width="100%"></iframe>

I'm not exactly sure why the missing slash on the end the src attribute would cause this error. If anyone can explain why, I'll gladly update my answer.

这篇关于iframe被屏蔽为不安全的内容，即使iframe是HTTPS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！