我有一个joomla安装,我已经安装aceshop。 我还为结帐页面设置了SSL,因为这是我想要或需要为ssl保护的唯一区域。
我遇到的问题是谷歌Chrome。 由于结帐页面位于SSL中,并且css / js引用不是,因此Chrome阻止了css。 您必须覆盖页面的安全设置才能正确显示它。
有谁知道如何解决这个问题? 我不希望网站的其余部分在sll下,只是结帐页面。
谢谢!
I have a joomla installation which I have installed aceshop onto. I have also setup an SSL for the checkout page as that is the only area I want or need to have secured for ssl.
The problem im getting is with Google Chrome. Because the checkout page is in SSL, and the css/js references aren't, Chrome is blocking the css. You have to override the security setting for the page to display it properly.
Anyone know how to fix this problem? I DON'T want the rest of the site under sll, just the checkout page.
Thanks!
最满意答案
您还需要通过SSL提供CSS / JS服务。 如果不这样做,那么通过SSL提供页面并不重要。 在这种情况下,中间人攻击者可以添加任意JavaScript,它将在结帐页面的上下文中执行,它可以窃取用户键入的所有信息(名称,地址,cc,等等)。
如果您希望站点安全,则需要修复所有混合模式内容问题,否则它相当于完全没有安全性。
You need to serve your CSS/JS over SSL as well. If you don't, it doesn't matter that you have served the page over SSL. In that case, a man-in-the-middle attacker can add arbitrary JavaScript, which will execute in the context of the checkout page, where it can steal all the information that the user types (name, address, cc, whatever).
If you want your site to be secure, you need to fix all the mixed mode content problems, otherwise it is equivalent to having no security at all.
更多推荐
发布评论