Fatal编程技术网
  • google-chrome/
  • Google chrome 如何基于nginx设置升级不安全请求

Google chrome 如何基于nginx设置升级不安全请求

google-chrome nginx https

Google chrome 如何基于nginx设置升级不安全请求,google-chrome,nginx,https,Google Chrome,Nginx,Https,我已将我的站点更改为https,但我在代码中使用了静态文件的cdn。它无法工作,chrome控制台显示如下错误: Mixed Content: The page at 'https://a.example.com/static/' was loaded over HTTPS, but requested an insecure stylesheet 'http://cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap.min.css'. This reque

我已将我的站点更改为https,但我在代码中使用了静态文件的cdn。它无法工作,chrome控制台显示如下错误:

Mixed Content: The page at 'https://a.example.com/static/' was loaded over HTTPS, but requested an insecure stylesheet 'http://cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap.min.css'. This request has been blocked; the content must be served over HTTPS.

server {
    listen 80;
    listen 443;
    server_name a.example.com;
    add_header Content-Security-Policy upgrade-insecure-requests;

    if ($scheme != "https") {
       return 301 https://$server_name$request_uri;
       #rewrite ^ https://$server_name$request_uri? permanent;
    }


    ssl on;
    ssl_certificate /etc/nginx/ssl/example.crt;
    ssl_certificate_key /etc/nginx/ssl/example.key;

    ssl_session_timeout 5m;

    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
    ssl_prefer_server_ciphers on;

    gzip on;
    gzip_proxied any;
    gzip_types text/plain application/xml application/json;
    client_max_body_size 8M;
    access_log /var/log/nginx/example.log;
    location / {
            proxy_pass http://10.10.10.110:5000;
            proxy_set_header  X-Real-IP  $remote_addr;
            proxy_set_header Host $host;
    }
    location ^~ /static/ {

            proxy_pass http://10.10.10.110:8888;
            proxy_set_header  X-Real-IP  $remote_addr;
            proxy_set_header Host $host;
           #proxy_set_header Content-Security-Policy upgrade-insecure-requests;
    }
我添加了
add_头内容安全策略升级不安全请求如下所示:


Mixed Content: The page at 'https://a.example.com/static/' was loaded over HTTPS, but requested an insecure stylesheet 'http://cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap.min.css'. This request has been blocked; the content must be served over HTTPS.



server {
    listen 80;
    listen 443;
    server_name a.example.com;
    add_header Content-Security-Policy upgrade-insecure-requests;

    if ($scheme != "https") {
       return 301 https://$server_name$request_uri;
       #rewrite ^ https://$server_name$request_uri? permanent;
    }


    ssl on;
    ssl_certificate /etc/nginx/ssl/example.crt;
    ssl_certificate_key /etc/nginx/ssl/example.key;

    ssl_session_timeout 5m;

    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
    ssl_prefer_server_ciphers on;

    gzip on;
    gzip_proxied any;
    gzip_types text/plain application/xml application/json;
    client_max_body_size 8M;
    access_log /var/log/nginx/example.log;
    location / {
            proxy_pass http://10.10.10.110:5000;
            proxy_set_header  X-Real-IP  $remote_addr;
            proxy_set_header Host $host;
    }
    location ^~ /static/ {

            proxy_pass http://10.10.10.110:8888;
            proxy_set_header  X-Real-IP  $remote_addr;
            proxy_set_header Host $host;
           #proxy_set_header Content-Security-Policy upgrade-insecure-requests;
    }


}


但它还不起作用!有人能告诉我怎么解决这个问题吗?thx:)
请注意,
升级不安全请求
是,例如Safari和IE

我建议您只替换代码中的HTTP请求。您可以使用
/
相对于调用它的协议加载它,如下所示:


//cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap.min.css



这意味着,如果您从HTTPS上下文打开web应用程序,它将使用HTTPS协议加载,否则它将使用HTTP。
这是我的chrome和nginx版本
chrome
51.0.2704.84(64位)
nginx
1.4.6 ubuntu