获取页面已通过 HTTPS 加载,但请求了不安全的 XMLHttpRequest 端点“.well-known/openid-configuration”
Getting The page was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint '.well-known/openid-configuration'
我有一个 ASP.NET Core Hosted Blazor WebAssembly 项目,使用 Identity Server 4 来管理登录和注册。调试时尝试登录,端点 '.well-known/openid-configuration' 是通过 HTTPS 提供的;但当我在 Docker 中运行已发布的版本时,它却通过 HTTP 提供,导致我的登录页面无法工作。我怎样才能让它通过 HTTPS 提供服务?
完整错误是:AuthenticationService.js:1 混合内容:'https://musicfusion.app/' 的页面是通过 HTTPS 加载的,但请求了不安全的 XMLHttpRequest 端点 'http://musicfusion.app/.well-known/openid-configuration'。此请求已被阻止;内容必须通过 HTTPS 提供。
编辑:我的 Startup.cs
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.UI;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.ResponseCompression;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using System.Linq;
using Soundbox.Server.Data;
using Soundbox.Shared;
using System;
using Blazored.Toast;
using test.Server.Hubs;
using Microsoft.AspNetCore.Identity.UI.Services;
using test.Server.Services;
using Microsoft.AspNetCore.HttpOverrides;
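namespace test.Server
{
    /// <summary>
    /// Registers the application's services and builds the HTTP request pipeline for the
    /// hosted Blazor WebAssembly server (ASP.NET Core Identity + IdentityServer).
    /// </summary>
    public class Startup
    {
        /// <summary>Stores the configuration handed over by the host.</summary>
        /// <param name="configuration">Configuration that supplies the "APIKeys" and "Emails" sections.</param>
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        /// <summary>Application configuration.</summary>
        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddDbContext<ApplicationDbContext>(options =>
                options.UseSqlite("Data Source=/data/test.db"));
            services.AddBlazoredToast();
            services.Configure<APIKeys>(this.Configuration.GetSection("APIKeys"));
            services.Configure<AuthMessageSenderOptions>(this.Configuration.GetSection("Emails"));

            // Single source of truth for forwarded-header handling; Configure() applies it with
            // app.UseForwardedHeaders().
            services.Configure<ForwardedHeadersOptions>(options =>
            {
                options.ForwardedHeaders =
                    ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

                // By default the middleware only honours these headers when the request comes from
                // a loopback address. A proxy that reaches the container from another address has
                // to be listed explicitly, otherwise X-Forwarded-Proto is ignored and the app keeps
                // seeing "http". Example (placeholder address, replace with the real proxy):
                //   options.KnownProxies.Add(System.Net.IPAddress.Parse("<PROXY_IP_PLACEHOLDER>"));
                // Avoid clearing KnownProxies/KnownNetworks unless the container is reachable only
                // through the proxy: with both lists empty any client can set these headers itself.
            });

            services.AddDefaultIdentity<ApplicationUser>(options => options.SignIn.RequireConfirmedAccount = true)
                .AddEntityFrameworkStores<ApplicationDbContext>();
            services.AddIdentityServer()
                .AddApiAuthorization<ApplicationUser, ApplicationDbContext>();
            services.AddAuthentication()
                .AddIdentityServerJwt();

            // Disabled CORS policy kept for reference. AllowAnyOrigin lets a page on any site call
            // the API from a browser; prefer an explicit origin list if this is ever re-enabled.
            //services.AddCors(options =>
            //{
            //    options.AddPolicy("AllowSpecificOrigin",
            //        builder =>
            //        {
            //            builder
            //            .AllowAnyOrigin()
            //            .AllowAnyMethod()
            //            .AllowAnyHeader();
            //        });
            //});
            services.AddControllersWithViews();

            // requires
            // using Microsoft.AspNetCore.Identity.UI.Services;
            // using WebPWrecover.Services;
            services.AddTransient<IEmailSender, EmailSender>();
            services.AddRazorPages();
            services.AddSignalR();
            services.AddResponseCompression(opts =>
            {
                opts.MimeTypes = ResponseCompressionDefaults.MimeTypes.Concat(
                    new[] { "application/octet-stream" });
            });
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            // Must run before every middleware that looks at the request scheme or client address
            // (HSTS, HTTPS redirection, IdentityServer). Behind a TLS-terminating proxy the request
            // reaches Kestrel as plain HTTP; until X-Forwarded-Proto has been applied, URLs built
            // from the request (such as those in /.well-known/openid-configuration) use http://.
            // The parameterless overload uses the options registered in ConfigureServices.
            app.UseForwardedHeaders();

            app.UseResponseCompression();
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
                app.UseDatabaseErrorPage();
                app.UseWebAssemblyDebugging();
            }
            else
            {
                app.UseExceptionHandler("/Error");
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }

            app.UseHttpsRedirection();
            app.UseBlazorFrameworkFiles();
            app.UseStaticFiles();
            //app.UseCors("AllowSpecificOrigin");
            app.UseRouting();
            app.UseIdentityServer();
            app.UseAuthentication();
            app.UseAuthorization();
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapRazorPages();
                endpoints.MapControllers();
                endpoints.MapHub<PlaylistHub>("/playlisthub");
                endpoints.MapFallbackToFile("index.html");
            });

            UpdateDatabase(app);
        }

        /// <summary>Applies pending Entity Framework Core migrations once at startup.</summary>
        /// <param name="app">Application builder whose root service provider is used to create a scope.</param>
        private static void UpdateDatabase(IApplicationBuilder app)
        {
            // ApplicationDbContext is a scoped service, so it is resolved from a dedicated scope
            // instead of the root provider.
            using (var serviceScope = app.ApplicationServices
                .GetRequiredService<IServiceScopeFactory>()
                .CreateScope())
            {
                // GetRequiredService fails with a descriptive exception when the context is not
                // registered; GetService would return null and fail on the next line instead.
                using (var context = serviceScope.ServiceProvider.GetRequiredService<ApplicationDbContext>())
                {
                    context.Database.Migrate();
                }
            }
        }
    }
}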
在服务器项目中将以下行添加到 startup.cs
似乎已经解决了我的问题:
// Pins the origin IdentityServer uses for the URLs it generates to one fixed HTTPS origin,
// regardless of the scheme the proxied request arrives with. Register this ahead of
// app.UseIdentityServer() so the origin is already set when IdentityServer handles the request.
app.Use((httpContext, nextMiddleware) =>
{
    httpContext.SetIdentityServerOrigin("https://www.my-domain-name-here.co.uk");
    return nextMiddleware();
});
我也为此苦苦挣扎。终于想到了解决办法。在 Startup.ConfigureServices 中,像这样添加 IdentityServer 选项:
// Takes the origin IdentityServer should advertise from the "PublicOrigin" configuration key;
// the configured value should be the public https:// origin of the site.
// NOTE(review): PublicOrigin is believed to exist only in IdentityServer4 releases before 4.0;
// confirm against the package version in use.
services.AddIdentityServer(identityServerOptions =>
    identityServerOptions.PublicOrigin = Configuration["PublicOrigin"])
然后将公开的 HTTPS 来源(origin)放入您的 appsettings.json(例如 "PublicOrigin": "https://example.com")。
对此的解决方案是让 Cloudflare 强制所有流量为 HTTPS。
编辑:为确保正确,请遵循本教程:https://blog.cloudflare.com/how-to-make-your-site-https-only/
如果您使用的是 IdentityServer4,那么您可以将其放入您的启动程序中:
// Reports every request as HTTPS to the middleware that follows, so URLs derived from the
// request scheme come out as https://. The override is unconditional: a request that really
// arrived over plain HTTP is reported as secure as well, so this is only appropriate when the
// app is reachable solely through the TLS-terminating proxy.
app.Use(async (httpContext, nextMiddleware) =>
{
    httpContext.Request.Scheme = "https";
    await nextMiddleware();
});
然后它将使 Identity Server 对其创建的所有链接使用 https。这对我使用反向代理很有帮助
@Carl 和@Jared 是正确的,但如果您使用负载均衡器或类似的东西,简单地强制 HTTPS 是行不通的。
例如:托管在 GCP Cloud Run 中的应用在通过 https 收到请求时,返回的却是 http 端点链接;而完全相同的代码在 Azure 和 IIS 中返回的是 https 端点。
推荐的方法是在 IdentityServer4 中使用 PublicOrigin:
// Sets the origin IdentityServer uses for its generated URLs to a fixed HTTPS origin on every
// request, so the result does not depend on the scheme or Host header the proxy passes on.
// Register this ahead of app.UseIdentityServer().
app.Use(async (httpContext, nextMiddleware) =>
{
    httpContext.SetIdentityServerOrigin("https://example.com");
    await nextMiddleware();
});
或
// Overwrites both the scheme and the host of every request before later middleware runs, so
// anything that builds absolute URLs from the request sees https://example.com. The override
// is unconditional, so it is only appropriate when the app is reachable solely through the
// TLS-terminating proxy for that host.
app.Use(async (httpContext, nextMiddleware) =>
{
    var request = httpContext.Request;
    request.Scheme = "https";
    request.Host = new HostString("example.com");
    await nextMiddleware();
});
https://github.com/IdentityServer/IdentityServer4/issues/4535#issuecomment-647084412
我有一个 ASP.NET Core Hosted Blazor WebAssembly 项目,使用 Identity Server 4 来管理登录和注册。调试时尝试登录,端点 '.well-known/openid-configuration' 是通过 HTTPS 提供的;但当我在 Docker 中运行已发布的版本时,它却通过 HTTP 提供,导致我的登录页面无法工作。我怎样才能让它通过 HTTPS 提供服务?
完整错误是:AuthenticationService.js:1 混合内容:'https://musicfusion.app/' 的页面是通过 HTTPS 加载的,但请求了不安全的 XMLHttpRequest 端点 'http://musicfusion.app/.well-known/openid-configuration'。此请求已被阻止;内容必须通过 HTTPS 提供。
编辑:我的 Startup.cs
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.UI;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.ResponseCompression;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using System.Linq;
using Soundbox.Server.Data;
using Soundbox.Shared;
using System;
using Blazored.Toast;
using test.Server.Hubs;
using Microsoft.AspNetCore.Identity.UI.Services;
using test.Server.Services;
using Microsoft.AspNetCore.HttpOverrides;
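namespace test.Server
{
    /// <summary>
    /// Registers the application's services and builds the HTTP request pipeline for the
    /// hosted Blazor WebAssembly server (ASP.NET Core Identity + IdentityServer).
    /// </summary>
    public class Startup
    {
        /// <summary>Stores the configuration handed over by the host.</summary>
        /// <param name="configuration">Configuration that supplies the "APIKeys" and "Emails" sections.</param>
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        /// <summary>Application configuration.</summary>
        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddDbContext<ApplicationDbContext>(options =>
                options.UseSqlite("Data Source=/data/test.db"));
            services.AddBlazoredToast();
            services.Configure<APIKeys>(this.Configuration.GetSection("APIKeys"));
            services.Configure<AuthMessageSenderOptions>(this.Configuration.GetSection("Emails"));

            // Single source of truth for forwarded-header handling; Configure() applies it with
            // app.UseForwardedHeaders().
            services.Configure<ForwardedHeadersOptions>(options =>
            {
                options.ForwardedHeaders =
                    ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

                // By default the middleware only honours these headers when the request comes from
                // a loopback address. A proxy that reaches the container from another address has
                // to be listed explicitly, otherwise X-Forwarded-Proto is ignored and the app keeps
                // seeing "http". Example (placeholder address, replace with the real proxy):
                //   options.KnownProxies.Add(System.Net.IPAddress.Parse("<PROXY_IP_PLACEHOLDER>"));
                // Avoid clearing KnownProxies/KnownNetworks unless the container is reachable only
                // through the proxy: with both lists empty any client can set these headers itself.
            });

            services.AddDefaultIdentity<ApplicationUser>(options => options.SignIn.RequireConfirmedAccount = true)
                .AddEntityFrameworkStores<ApplicationDbContext>();
            services.AddIdentityServer()
                .AddApiAuthorization<ApplicationUser, ApplicationDbContext>();
            services.AddAuthentication()
                .AddIdentityServerJwt();

            // Disabled CORS policy kept for reference. AllowAnyOrigin lets a page on any site call
            // the API from a browser; prefer an explicit origin list if this is ever re-enabled.
            //services.AddCors(options =>
            //{
            //    options.AddPolicy("AllowSpecificOrigin",
            //        builder =>
            //        {
            //            builder
            //            .AllowAnyOrigin()
            //            .AllowAnyMethod()
            //            .AllowAnyHeader();
            //        });
            //});
            services.AddControllersWithViews();

            // requires
            // using Microsoft.AspNetCore.Identity.UI.Services;
            // using WebPWrecover.Services;
            services.AddTransient<IEmailSender, EmailSender>();
            services.AddRazorPages();
            services.AddSignalR();
            services.AddResponseCompression(opts =>
            {
                opts.MimeTypes = ResponseCompressionDefaults.MimeTypes.Concat(
                    new[] { "application/octet-stream" });
            });
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            // Must run before every middleware that looks at the request scheme or client address
            // (HSTS, HTTPS redirection, IdentityServer). Behind a TLS-terminating proxy the request
            // reaches Kestrel as plain HTTP; until X-Forwarded-Proto has been applied, URLs built
            // from the request (such as those in /.well-known/openid-configuration) use http://.
            // The parameterless overload uses the options registered in ConfigureServices.
            app.UseForwardedHeaders();

            app.UseResponseCompression();
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
                app.UseDatabaseErrorPage();
                app.UseWebAssemblyDebugging();
            }
            else
            {
                app.UseExceptionHandler("/Error");
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }

            app.UseHttpsRedirection();
            app.UseBlazorFrameworkFiles();
            app.UseStaticFiles();
            //app.UseCors("AllowSpecificOrigin");
            app.UseRouting();
            app.UseIdentityServer();
            app.UseAuthentication();
            app.UseAuthorization();
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapRazorPages();
                endpoints.MapControllers();
                endpoints.MapHub<PlaylistHub>("/playlisthub");
                endpoints.MapFallbackToFile("index.html");
            });

            UpdateDatabase(app);
        }

        /// <summary>Applies pending Entity Framework Core migrations once at startup.</summary>
        /// <param name="app">Application builder whose root service provider is used to create a scope.</param>
        private static void UpdateDatabase(IApplicationBuilder app)
        {
            // ApplicationDbContext is a scoped service, so it is resolved from a dedicated scope
            // instead of the root provider.
            using (var serviceScope = app.ApplicationServices
                .GetRequiredService<IServiceScopeFactory>()
                .CreateScope())
            {
                // GetRequiredService fails with a descriptive exception when the context is not
                // registered; GetService would return null and fail on the next line instead.
                using (var context = serviceScope.ServiceProvider.GetRequiredService<ApplicationDbContext>())
                {
                    context.Database.Migrate();
                }
            }
        }
    }
}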
在服务器项目中将以下行添加到 startup.cs
似乎已经解决了我的问题:
// Pins the origin IdentityServer uses for the URLs it generates to one fixed HTTPS origin,
// regardless of the scheme the proxied request arrives with. Register this ahead of
// app.UseIdentityServer() so the origin is already set when IdentityServer handles the request.
app.Use((httpContext, nextMiddleware) =>
{
    httpContext.SetIdentityServerOrigin("https://www.my-domain-name-here.co.uk");
    return nextMiddleware();
});
我也为此苦苦挣扎。终于想到了解决办法。在 Startup.ConfigureServices 中,像这样添加 IdentityServer 选项:
// Takes the origin IdentityServer should advertise from the "PublicOrigin" configuration key;
// the configured value should be the public https:// origin of the site.
// NOTE(review): PublicOrigin is believed to exist only in IdentityServer4 releases before 4.0;
// confirm against the package version in use.
services.AddIdentityServer(identityServerOptions =>
    identityServerOptions.PublicOrigin = Configuration["PublicOrigin"])
然后将公开的 HTTPS 来源(origin)放入您的 appsettings.json(例如 "PublicOrigin": "https://example.com")。
对此的解决方案是让 Cloudflare 强制所有流量为 HTTPS。
编辑:为确保正确,请遵循本教程:https://blog.cloudflare.com/how-to-make-your-site-https-only/
如果您使用的是 IdentityServer4,那么您可以将其放入您的启动程序中:
// Reports every request as HTTPS to the middleware that follows, so URLs derived from the
// request scheme come out as https://. The override is unconditional: a request that really
// arrived over plain HTTP is reported as secure as well, so this is only appropriate when the
// app is reachable solely through the TLS-terminating proxy.
app.Use(async (httpContext, nextMiddleware) =>
{
    httpContext.Request.Scheme = "https";
    await nextMiddleware();
});
然后它将使 Identity Server 对其创建的所有链接使用 https。这对我使用反向代理很有帮助
@Carl 和@Jared 是正确的,但如果您使用负载均衡器或类似的东西,简单地强制 HTTPS 是行不通的。
例如:托管在 GCP Cloud Run 中的应用在通过 https 收到请求时,返回的却是 http 端点链接;而完全相同的代码在 Azure 和 IIS 中返回的是 https 端点。
推荐的方法是在 IdentityServer4 中使用 PublicOrigin:
// Sets the origin IdentityServer uses for its generated URLs to a fixed HTTPS origin on every
// request, so the result does not depend on the scheme or Host header the proxy passes on.
// Register this ahead of app.UseIdentityServer().
app.Use(async (httpContext, nextMiddleware) =>
{
    httpContext.SetIdentityServerOrigin("https://example.com");
    await nextMiddleware();
});
或
// Overwrites both the scheme and the host of every request before later middleware runs, so
// anything that builds absolute URLs from the request sees https://example.com. The override
// is unconditional, so it is only appropriate when the app is reachable solely through the
// TLS-terminating proxy for that host.
app.Use(async (httpContext, nextMiddleware) =>
{
    var request = httpContext.Request;
    request.Scheme = "https";
    request.Host = new HostString("example.com");
    await nextMiddleware();
});
https://github.com/IdentityServer/IdentityServer4/issues/4535#issuecomment-647084412