混合内容页面:请求不安全的样式表错误
Mixed Content Page: requested an insecure stylesheet error
我正在开发一个网站。当我使用 http:// 协议打开任何页面时,所有内容都已正确加载,但是当我尝试使用 https 协议加载页面时,页面已加载但没有 css 和 javascript 文件。
控制台显示以下错误。
Mixed Content: The page at
'https://www.example.com/index.php?main_page=login' was loaded
over HTTPS, but requested an insecure stylesheet
'http://www.example.com/site_map.html'. This request has been
blocked; the content must be served over HTTPS.
我认为问题是浏览器在通过 https 协议请求时无法加载任何 css 文件。
问题出在 htaccess 文件上,因为当我删除它时,css 文件正确加载。
页面和 css 文件加载到浏览器,其 url 中包含 https
<link rel="stylesheet" type="text/css" href="https://www.example.com/includes/templates/classic/css/style1.css">
<link rel="stylesheet" type="text/css" href="https://www.example.com/includes/templates/classic/css/style2.css">
当浏览器尝试加载 css 文件时,它被重定向到
http://www.example.com/site_map.html
如何让 htaccess 允许 https 打开特定文件夹中的 css 和 js 文件?
谢谢
更新
htaccess 文件内容
RewriteEngine On
RewriteCond %{SERVER_PORT} ^443$
RewriteRule (.*) http://www.example.com/
###############################################################################
# Common directives
###############################################################################
# NOTE: Replace /shop/ with the relative web path of your catalog in the "Rewrite Base" line below:
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/ [R=301,L]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteRule ^index\.php$ http://www.example.com/ [R=301,L]
#RewriteBase /
###############################################################################
# Start Ultimate SEO URLs
###############################################################################
# Original (unchanged) URL formats
RewriteRule ^(.*)-p-([0-9]+)(.*)$ index\.php?main_page=product_info&products_id=&%{QUERY_STRING} [L]
RewriteRule ^(.*)-c-(.*)-p(.*)\.html$ /index.php?main_page=&cPath=&sort=&page=
RewriteRule ^(.*)-c-([0-9_]+)(.*)$ index\.php?main_page=index&cPath=&%{QUERY_STRING} [L]
RewriteRule ^(.*)-ez-(.*).html$ index.php?main_page=page&id= [L]
# All other pages
# Don't rewrite real files or directories
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index\.php?main_page=&%{QUERY_STRING} [L]
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule index.html$ index.php [QSA]
# 480 weeks
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
Header set Cache-Control "max-age=290304000, public"
</FilesMatch>
# 2 DAYS
<FilesMatch "\.(xml|txt)$">
Header set Cache-Control "max-age=172800, public, must-revalidate"
</FilesMatch>
# 2 HOURS
<FilesMatch "\.(html|htm)$">
Header set Cache-Control "max-age=7200, must-revalidate"
</FilesMatch>
# compress text, html, javascript, css, xml:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
RewriteEngine on
RewriteBase /
ErrorDocument 404 /index.php
RewriteRule index.html$ index.php [QSA]
很可能在你的 html 代码中你有类似
的东西
<link href="http://someSite.com/css/someStyle.css" rel="stylesheet" type="text/css" />
你应该把它改成
<link href="https://someSite.com/css/someStyle.css" rel="stylesheet" type="text/css" />
您所指的页面也是 .html 而不是 css,但我猜这是一个错字...
如果您能够通过 HTTPS 提供 CSS 等服务,最好的解决方案是 use // as the scheme 获取资产 URL。
即"use the same scheme (sometimes called protocol) as the parent document",即如果页面使用https,则使用https。例如:
<link rel="stylesheet" href="//mysite.com/styles.css">
<script src="//mysite.com/app.js"></script>
这是你的问题:
RewriteCond %{SERVER_PORT} ^443$
RewriteRule (.*) http://www.example.com/
您不允许 SSL 请求(443 端口号用于 HTTPS 请求)。尝试删除这些行。
我按照他们的指南 here 中的描述使用了 cloudflare 的插件。
在 Drupal 8.0.1 中遇到类似错误
错误 - 混合内容:'' 中的页面是通过 HTTPS 加载的,但请求了不安全的样式表''。此请求已被阻止;内容必须通过 HTTPS.
提供
解决方案 - 打开 .htaccess 文件并添加以下行
Header 始终设置 Content-Security-Policy "upgrade-insecure-requests;"
您可能还需要检查您的
WordPress 地址 (URL) 和 网站地址 (URL) 在常规设置下,并确保您的 URL 是 https://www.yourdomain.com
我正在开发一个网站。当我使用 http:// 协议打开任何页面时,所有内容都已正确加载,但是当我尝试使用 https 协议加载页面时,页面已加载但没有 css 和 javascript 文件。
控制台显示以下错误。
Mixed Content: The page at 'https://www.example.com/index.php?main_page=login' was loaded over HTTPS, but requested an insecure stylesheet 'http://www.example.com/site_map.html'. This request has been blocked; the content must be served over HTTPS.
我认为问题是浏览器在通过 https 协议请求时无法加载任何 css 文件。
问题出在 htaccess 文件上,因为当我删除它时,css 文件正确加载。
页面和 css 文件加载到浏览器,其 url 中包含 https
<link rel="stylesheet" type="text/css" href="https://www.example.com/includes/templates/classic/css/style1.css">
<link rel="stylesheet" type="text/css" href="https://www.example.com/includes/templates/classic/css/style2.css">
当浏览器尝试加载 css 文件时,它被重定向到
http://www.example.com/site_map.html
如何让 htaccess 允许 https 打开特定文件夹中的 css 和 js 文件?
谢谢
更新 htaccess 文件内容
RewriteEngine On
RewriteCond %{SERVER_PORT} ^443$
RewriteRule (.*) http://www.example.com/
###############################################################################
# Common directives
###############################################################################
# NOTE: Replace /shop/ with the relative web path of your catalog in the "Rewrite Base" line below:
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/ [R=301,L]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteRule ^index\.php$ http://www.example.com/ [R=301,L]
#RewriteBase /
###############################################################################
# Start Ultimate SEO URLs
###############################################################################
# Original (unchanged) URL formats
RewriteRule ^(.*)-p-([0-9]+)(.*)$ index\.php?main_page=product_info&products_id=&%{QUERY_STRING} [L]
RewriteRule ^(.*)-c-(.*)-p(.*)\.html$ /index.php?main_page=&cPath=&sort=&page=
RewriteRule ^(.*)-c-([0-9_]+)(.*)$ index\.php?main_page=index&cPath=&%{QUERY_STRING} [L]
RewriteRule ^(.*)-ez-(.*).html$ index.php?main_page=page&id= [L]
# All other pages
# Don't rewrite real files or directories
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index\.php?main_page=&%{QUERY_STRING} [L]
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule index.html$ index.php [QSA]
# 480 weeks
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
Header set Cache-Control "max-age=290304000, public"
</FilesMatch>
# 2 DAYS
<FilesMatch "\.(xml|txt)$">
Header set Cache-Control "max-age=172800, public, must-revalidate"
</FilesMatch>
# 2 HOURS
<FilesMatch "\.(html|htm)$">
Header set Cache-Control "max-age=7200, must-revalidate"
</FilesMatch>
# compress text, html, javascript, css, xml:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
RewriteEngine on
RewriteBase /
ErrorDocument 404 /index.php
RewriteRule index.html$ index.php [QSA]
很可能在你的 html 代码中你有类似
的东西<link href="http://someSite.com/css/someStyle.css" rel="stylesheet" type="text/css" />
你应该把它改成
<link href="https://someSite.com/css/someStyle.css" rel="stylesheet" type="text/css" />
您所指的页面也是 .html 而不是 css,但我猜这是一个错字...
如果您能够通过 HTTPS 提供 CSS 等服务,最好的解决方案是 use // as the scheme 获取资产 URL。
即"use the same scheme (sometimes called protocol) as the parent document",即如果页面使用https,则使用https。例如:
<link rel="stylesheet" href="//mysite.com/styles.css">
<script src="//mysite.com/app.js"></script>
这是你的问题:
RewriteCond %{SERVER_PORT} ^443$
RewriteRule (.*) http://www.example.com/
您不允许 SSL 请求(443 端口号用于 HTTPS 请求)。尝试删除这些行。
我按照他们的指南 here 中的描述使用了 cloudflare 的插件。
在 Drupal 8.0.1 中遇到类似错误
错误 - 混合内容:'' 中的页面是通过 HTTPS 加载的,但请求了不安全的样式表''。此请求已被阻止;内容必须通过 HTTPS.
提供解决方案 - 打开 .htaccess 文件并添加以下行 Header 始终设置 Content-Security-Policy "upgrade-insecure-requests;"
您可能还需要检查您的 WordPress 地址 (URL) 和 网站地址 (URL) 在常规设置下,并确保您的 URL 是 https://www.yourdomain.com