如何在https网站中识别混合内容 [英] How to identify mixed content in https website

问题描述

我继承了一个拥有通过GoDaddy购买的SSL证书的ASP.NET网站。

I've inherited an ASP.NET web site that has an SSL certificate bought via GoDaddy.

问题是证书似乎因某些原因无效混合内容/资源（我认为这就是它的名字）来自http网站。

The problem is that the certificate seems to be invalid because of some "mixed content/resources" (I think that's how its called) coming from http sites.

Chrome在https旁边的锁上显示红叉，表示它是不安全的。弹出窗口显示以下内容：

Chrome is showing the red cross over the lock next to https, meaning it's unsecured. The popups says the following:

点击这是什么意思？ 此处说明：

Click in "What do these mean?" goes here which says:

当
谷歌浏览器检测到高风险的混合
内容时会出现[交叉锁定]图标，例如JavaScript，在
页面上或当网站提供
无效证书时。

The [crossed-lock] icon appears when Google Chrome detects high-risk mixed content, such as JavaScript, on the page or when the site presents an invalid certificate.

证书是正确且有效的，因为我尝试创建一个空白的Hi world.aspx页面，它显示绿色锁没有问题。

The certificate is correct and valid because I tried creating a blank "Hi world" .aspx page and it's showing the green lock with no problems.

读一点，我发现我应该只包含图像和来自https网站的JavaScript。它唯一来自http的是addthis小部件，但他们支持https ，所以我改变了要https，但它仍然说这是不安全的。

Reading a little bit, I found that I should only include images and javascript coming from https sites. The only thing it had coming from http was the addthis widget, but they support https, so I changed to https, but it's still saying that is unsecured.

我在源代码中搜索了来自http的其他内容，但没有找到任何内容。

I've searched for anything else coming from http in the source, but didn't find anything.

是否有某种方式（网站，Chrome扩展，firefox扩展，等等）能够准确显示哪些资源是不安全的？

我从未处理过SSL / HTTPS证书，但我需要尽快解决这个问题。

I've never dealt with SSL/HTTPS certificates, but I need to fix this issue asap.

推荐答案

我使用Chrome开发者工具发现了问题。这是一个js，它嵌入了一个使用http的第三方网站的闪存。

I've found the problem using the Chrome Developer Tools. It was a js that's embedding a flash from an 3rd party site which it's using http.

这篇关于如何在https网站中识别混合内容的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！