http 请求已被 https 阻止
http request has been block from https
我有一个问题:
Mixed Content: The page at 'https://example.com' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://api.example.com/api/demo.php'. This request has been blocked; the content must be served over HTTPS.
当来自“https://example.com' to 'http://api.example.com/api/demo.php”
的请求时它工作正常
这是一个混合内容警告,是一种不好的做法。 See below from mozilla
When a user visits a page served over HTTPS, their connection with the
web server is encrypted with TLS and hence safeguarded from sniffers
and man-in-the-middle attacks.
If the HTTPS page includes content retrieved through regular,
cleartext HTTP, then the connection is only partially encrypted: the
unencrypted content is accessible to sniffers and can be modified by
man-in-the-middle attackers, and therefore the connection is not
safeguarded anymore. When a webpage exhibits this behavior, it is
called a mixed content page.
你应该;
- 修改为使用 https 端点或
- 将请求代理为 https。
我有一个问题:
Mixed Content: The page at 'https://example.com' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://api.example.com/api/demo.php'. This request has been blocked; the content must be served over HTTPS.
当来自“https://example.com' to 'http://api.example.com/api/demo.php”
的请求时它工作正常这是一个混合内容警告,是一种不好的做法。 See below from mozilla
When a user visits a page served over HTTPS, their connection with the web server is encrypted with TLS and hence safeguarded from sniffers and man-in-the-middle attacks.
If the HTTPS page includes content retrieved through regular, cleartext HTTP, then the connection is only partially encrypted: the unencrypted content is accessible to sniffers and can be modified by man-in-the-middle attackers, and therefore the connection is not safeguarded anymore. When a webpage exhibits this behavior, it is called a mixed content page.
你应该;
- 修改为使用 https 端点或
- 将请求代理为 https。