mixed-content

问题 I am trying to embed an iframe (containing shellinabox, if that's relevant) onto an HTTPS webpage. The HTML I'm using to embed the iframe is pretty straightforward: <div class="jumbotron" style="min-height: 400px;"> <iframe src="https://example.com/shellinabox" style="border:none; min-height: 400px;" width="100%"></iframe> </div> However, Chrome blocks the iframe from loading because it is "insecure content," and I have to manually unblock it for it to work. The Chrome console reports an

问题 I'm getting the following error when submitting a Ninja form that was integrated to the wordpress site. Mixed Content: The page at 'https://my.domain/event/test-page/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://my.domain/wp-admin/admin-ajax.php'. This request has been blocked; the content must be served over HTTPS. That is the only error that I'm getting. The site runs in HTTPS. A quick help is utmost appreciated. 回答1: Are you seeing the mixed content

问题 Suppose my website is over HTTPS and I need to load a CSS or Object resource from HTTP , how can I do this? Please note that I'm able to add Content-Security-Policy to the response headers over the HTTPS websites but I don't exactly know how can I do this. Can someone give me a solution? 回答1: There is no solution. Modern browsers will deny using non-https resources into pages served by https because you effectively undermine the security model of https this way. CSP will not help because it

问题 Currently making an AJAX call from a HTTPS jsp to call in data from another jsp page. We are however getting a Mixed content issue: Mixed Content: The page at 'https://etc/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://etc/path/to/other/page.jsp'. This request has been blocked; the content must be served over HTTPS. How do you force an AJAX call to call over HTTPS? The AJAX call looks like the following: var url = "/path/to/other/page.jsp"; $.ajax({ type:

问题 When attempting to view my site over https, I keep getting a "Blocked loading mixed active content" error in my Firefox console. I am getting this error only for my css and js file. The reason I am so confused is because the reference to the files in the page code itself is https: <link rel="stylesheet" href="https://www.example.com/style.css"> But in the console, it shows it as http: Blocked loading mixed active content "http://www.example.com/style.css"[Learn More] I can do a view source on

问题 I am interested in switching my entire site from http over to https. My concern is that I have some content that uses absolute http URLs. I will need to edit each page in order to change those URLs to relative but that might take me a while to accomplish. What I would like to know is if there is a way to use Javascript via the Google Tag Manager in order to re-write local absolute URLs to be HTTPS and not HTTP? If this is possible, could it be used as a permanent solution? 回答1: One solution

问题 I have a chrome extension that communicates using HTTP in development and HTTPS in production. I run it from webpages that use HTTPS. When I use this extension in my development mode I get the following error. Mixed Content: The page at 'https://somesite.com' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://david-sniper.local:3001/api/end-point'. This content should also be served over HTTPS. In the past I have been able to resolve this error by going reading

问题 I am trying to embed videos from http://youku.com on a website served via HTTPS. Unfortunately they only support HTTP at the moment. Any ideas? Regards, 回答1: If you're referencing it via the player API e.g. http://player.youku.com/jsapi you can use https://players.youku.com/jsapi 来源： https://stackoverflow.com/questions/34956383/embed-youku-video-on-https-site

问题 The parent site running on https . Inside parent site window a iframe with src https . The iframe has links with http . Its https(main parent site) => https(iframe) => http(links inside iframe) scenario. In browser console blocked:mixed content getting logged. Kindly help to get rid of this error. 回答1: this is a browser setting and you did not indicate which browser you are using. Here is info from Firefox on how to disable mixed-content blocking. Note, disabling this increases your security

问题 I'm using django-braces' LoginRequiredMixin for one of my views. Basically, this adds a query string of ?next=/my/desired/url to http://example.com/login/ . The issue is, I'm using an ssl certificate across my site. My nginx file is as below: upstream app_server { server 127.0.0.1:9000 fail_timeout=0; } # # Redirect all www to non-www # server { server_name www.example.com; ssl_certificate /src/bin/ssl/ssl-bundle.crt; ssl_certificate_key /etc/ssl/private/STAR_example_com.key; ssl_protocols