背景是这样 后端写了个静态网页,页面里面有对资源http的调用,导致js在请求时,报了个错
Mixed Content: The page at 'https://huangkaikang/' was loaded over HTTPS, but requested an insecure frame 'http://huangkaikang/resume/'. This request has been blocked; the content must be served over HTTPS.类似这样,看字面意思,结合google想到这个应该可以在nginx那边加个重定向或者header来解决
遂查到了
add_header Content-Security-Policy "upgrade-insecure-requests;connect-src *";这个加在nginx的 server块里就好了,页面中不安全的http请求会被转为https
问题的根源应该就是浏览器js的安全机制,不允许在嵌套在https的页面中进行http请求吧?大致理解是这样
更多推荐
nginx add_header Content-Security-Policy “upgrade-insecure-requests;connect-src
发布评论