在https网站上加载http内容 [英] Loading http content on https website
问题描述
我正在考虑使用https的网站架构。我现在有一个托管图片,css和更多静态文件的CDN服务器。
I'm thinking about my website architecture that's using https.. I now have a CDN server hosting images , css and more static files.
网站本身是使用HTTPS保护敏感的客户数据。将使用静态图像,例如在网站https://www.example.com上加载http://cdn.example.com/images/test.jpg弹出加载不安全数据消息?
The website itself is using HTTPS for securing sensitive costumer data. Will using the static images , loaded by for example 'http://cdn.example.com/images/test.jpg' on a website 'https://www.example.com' popup a "Loading insecure data" message?
因此在SECURED网站上加载外部NOT SECURED数据。
这是否会导致弹出警告加载不安全数据,继续??
So loading external NOT SECURED data on a SECURED website. Will this be causing a popup warning "Loading insecure data, continue?"?
Thx!
推荐答案
是。
如果页面是通过HTTPS加载的,那么它所使用的每个资源也应该通过HTTPS加载。
If a page is loaded over HTTPS then every resource it uses should also be loaded over HTTPS.
否则,中间人可以用误导性的图像替换图像(或者在浏览器中利用缓冲区溢出问题执行代码的图像)和使用不同事物的图像替换脚本(例如向第三方泄漏数据)。
Otherwise a man-in-the-middle could replace images with misleading ones (or ones that exploit buffer overflow issues in browsers to execute code) and scripts with ones that do different things (such as leak data to the third party).
这篇关于在https网站上加载http内容的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
