PoliteCaptcha Https 问题 MVC Razor
PoliteCaptcha Https Issue MVC Razor
我使用 PoliteCaptcha 如下:
<div class="form-container">
@using (Html.BeginForm("LogOn", "Account", new { ReturnUrl = Request.QueryString["ReturnUrl"] }, FormMethod.Post, new { id = "formLogOn" }))
{
@Html.TextBoxFor(model => model.UserId, new { id = "textBoxUserId", placeholder="Enter your username" })<br />
@Html.ValidationMessageFor(model => model.UserId)<br />
@Html.PasswordFor(model => model.Password, new { placeholder="Enter your password" })<br />
@Html.ValidationMessageFor(model => model.Password)<br />
@Html.SpamPreventionFields()
<input type="submit" id="ButtonLogOn" value="LoginButton" class=" button" />
}
</div>
<div id="validationSummary">
@Html.Partial("_AjaxValidationSummaryPartial")
</div>
@if (Model != null && !Model.ShowCatcha)
{
@Html.SpamPreventionScript()
}
这很好用,但在 https 域上运行时就不行了。
我收到错误:
Mixed Content: The page at 'https://www.domain.com/log?ReturnUrl=%2Fadmin' was loaded over HTTPS, but requested an insecure script 'http://www.google.com/recaptcha/api/challenge?k=6LcAAAAOQuMiKA-yCo4HZPp4gy-T0x7CaX'. This request has been blocked; the content must be served over HTTPS.
您需要来自安全连接的不安全内容,通常强烈建议不要这样做。
我查了PoliteCaptcha源码,没有引用JS文件;因此应该很容易修复。
找到您的脚本标签并简单地删除协议前缀。
改变这个
<script src="http://www.google.com/recaptcha.js
对此
<script src="//www.google.com/recaptcha.js
浏览器会自动找出要使用的协议,并解决这个问题。
很可能您在反向代理后面,并且 RecaptchaControl 用来生成脚本的 api 没有正确检测到 Context.Request.IsSecureConnection
。
你能告诉我们什么值 Context.Request.IsSecureConnection
returns?
@Html.SpamPreventionFields() 是一个 IHtmlString,因此您可以创建一个页面变量并对其执行一些 String.Replacing...
@{
var preventionFields = Html.SpamPreventionFields().ToHtmlString().Replace("http:", "https:")
}
并在您的表单中
@Html.Raw(preventionFields)
我使用 PoliteCaptcha 如下:
<div class="form-container">
@using (Html.BeginForm("LogOn", "Account", new { ReturnUrl = Request.QueryString["ReturnUrl"] }, FormMethod.Post, new { id = "formLogOn" }))
{
@Html.TextBoxFor(model => model.UserId, new { id = "textBoxUserId", placeholder="Enter your username" })<br />
@Html.ValidationMessageFor(model => model.UserId)<br />
@Html.PasswordFor(model => model.Password, new { placeholder="Enter your password" })<br />
@Html.ValidationMessageFor(model => model.Password)<br />
@Html.SpamPreventionFields()
<input type="submit" id="ButtonLogOn" value="LoginButton" class=" button" />
}
</div>
<div id="validationSummary">
@Html.Partial("_AjaxValidationSummaryPartial")
</div>
@if (Model != null && !Model.ShowCatcha)
{
@Html.SpamPreventionScript()
}
这很好用,但在 https 域上运行时就不行了。 我收到错误:
Mixed Content: The page at 'https://www.domain.com/log?ReturnUrl=%2Fadmin' was loaded over HTTPS, but requested an insecure script 'http://www.google.com/recaptcha/api/challenge?k=6LcAAAAOQuMiKA-yCo4HZPp4gy-T0x7CaX'. This request has been blocked; the content must be served over HTTPS.
您需要来自安全连接的不安全内容,通常强烈建议不要这样做。
我查了PoliteCaptcha源码,没有引用JS文件;因此应该很容易修复。
找到您的脚本标签并简单地删除协议前缀。
改变这个
<script src="http://www.google.com/recaptcha.js
对此
<script src="//www.google.com/recaptcha.js
浏览器会自动找出要使用的协议,并解决这个问题。
很可能您在反向代理后面,并且 RecaptchaControl 用来生成脚本的 api 没有正确检测到 Context.Request.IsSecureConnection
。
你能告诉我们什么值 Context.Request.IsSecureConnection
returns?
@Html.SpamPreventionFields() 是一个 IHtmlString,因此您可以创建一个页面变量并对其执行一些 String.Replacing...
@{
var preventionFields = Html.SpamPreventionFields().ToHtmlString().Replace("http:", "https:")
}
并在您的表单中
@Html.Raw(preventionFields)