Chrome iFrame阻止HTTPS重定向 [英] Chrome iFrame Block HTTPS redirect

本文介绍了Chrome iFrame阻止HTTPS重定向的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!


我有一个父网站: ,其中包含一个带有https内容的iframe( https: // )到目前为止一切都很愉快。但是,当发生重定向以在同一域上加载不同的路由时,chrome将其阻止为混合内容错误。
在网络流量中查看请求确认浏览器正在请求 https ,但Chrome仍然取消请求,因为我无法加载混合( http )内容。

I've got a parent site :, which contains an iframe with https content ( and everything is happy so far. But, when a redirect occurs to load a different route on that same domain, chrome blocks it as a mixed content error. Viewing the request in the network traffic confirms that the browser is requesting https, yet chrome still cancels the request citing that I can't load mixed (http) content.


All searching has got me so far is to people trying to load mixed content which is not the case here.

混合内容:' '是通过HTTPS加载的,但请求了一个不安全的资源http:/。此请求已被阻止;内容必须通过HTTPS提供。

For reference this is the chrome error: Mixed Content: The page at '' was loaded over HTTPS, but requested an insecure resource 'http:/'. This request has been blocked; the content must be served over HTTPS.

实际的帧源是https:/,它可能重定向到https:/ 。如果页面没有重定向,则不会发生错误。

The actual frame source is https:/ which has a possible redirect to https:/ If the page does not redirect no error occurs.



Old question but still relevant so I will try to answer this.


As previously stated: You are not allowed to load unsafe http-content within a https-served website since it would compromise the security. If you try to do it anyway, Chrome will prevent it and throw the before mentioned error.

确保您确实通过https请求的第一步是检查 iframe 中的URL,应如下所示:

The first step to ensure that you are indeed requesting via https is to check the URL in the iframe, which should look like this:

<iframe src=""></iframe>
          this needs to be https


Now take that exact URL and paste it into any browser to see what rules are in place. If you are redirected in any way it is possible that a unsafe http-connection is used after or in between the redirects. They might even have a straight https-to-http rule in place (unlikely). Also check the console since they might attempt to load unsafe content within their https-served page as well which could result in an error on your end. If you find one of those things but you have no access to the server your journey ends here unless you want to serve that content so badly that you are willing to use http yourself.


If you, on the other hand, have access to the server you could remove those redirects or check their configuration. Since there are many different web-servers, operating systems and configurations I won't attempt to give a general tutorial but it shouldn't be hard to find with the search engine of your choosing.


当所有内容都在浏览器似乎工作正常(没有可见的重定向),你仍然得到你可以使用 Wireshark 或其他工具的错误记录您的流量。它可能是一个配置错误的https,以某种方式搞砸了Chrome不喜欢的握手。将这些日志发布到SO或共享您要在 iframe 中显示的网站,以便我们可以进一步分析,因为它不太可能存在一般解决方案。

When everything in the browser seems to work correctly (no visible redirects) and you still get the error you could use Wireshark or other tools to log your traffic. It could be a misconfigured https that messes up the handshake in some way Chrome doesn't like. Post those logs on SO or share the website you want to display in your iframe so we can analyze it further since it is unlikely that there is a general solution.

这篇关于Chrome iFrame阻止HTTPS重定向的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

登录 关闭
发送“验证码”获取 | 15天全站免登陆