问题
I am upgrading from the old SecureWebPages that automates the switching between Http and Https content via web.config.
For some strange reason, having contents like:
<link type="text/css" href="assets/css/style.css" rel="stylesheet" />
no longer automatically loads from the appropriate https location. The console in Google Chrome shows me this:
The page at https://website.com/UserAccess.aspx ran insecure content from http://website.com/assets/css/style.css.
This behavior didn't exist when I was using the older SecureWebPages. In the past the above CSS statement works fine without any errors.
My web.config:
<securitySwitch mode="RemoteOnly">
<paths>
<add path="~/Register.aspx"/>
<add path="~/SSL.Master"/>
</paths>
Is there anything wrong with my configurations? Please advise. Thanks!
回答1:
You need to tell SecuritySwitch to ignore your CSS folder, or even your entire Assets folder if it contains images and the like as well. Here is a path you can add to the securitySwitch section for the assets folder.
<securitySwitch mode="RemoteOnly">
<paths>
<add path="~/Register.aspx"/>
<add path="~/assets/" security="Ignore"/>
</paths>
</securitySwitch>
This will tell SecuritySwitch to ignore the assets folder, and everything under it. Also, your path for the master file does nothing, since .master files are never served to a browser.
I hope this helps!
来源:https://stackoverflow.com/questions/9109410/resources-not-automatically-loaded-from-https-securityswitch