Google chrome 如何基于nginx设置升级不安全请求
我已将我的站点更改为https,但我在代码中使用了静态文件的cdn。它无法工作,chrome控制台显示如下错误:Google chrome 如何基于nginx设置升级不安全请求,google-chrome,nginx,https,Google Chrome,Nginx,Https,我已将我的站点更改为https,但我在代码中使用了静态文件的cdn。它无法工作,chrome控制台显示如下错误: Mixed Content: The page at 'https://a.example.com/static/' was loaded over HTTPS, but requested an insecure stylesheet 'http://cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap.min.css'. This reque
Mixed Content: The page at 'https://a.example.com/static/' was loaded over HTTPS, but requested an insecure stylesheet 'http://cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap.min.css'. This request has been blocked; the content must be served over HTTPS.
server {
listen 80;
listen 443;
server_name a.example.com;
add_header Content-Security-Policy upgrade-insecure-requests;
if ($scheme != "https") {
return 301 https://$server_name$request_uri;
#rewrite ^ https://$server_name$request_uri? permanent;
}
ssl on;
ssl_certificate /etc/nginx/ssl/example.crt;
ssl_certificate_key /etc/nginx/ssl/example.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
gzip on;
gzip_proxied any;
gzip_types text/plain application/xml application/json;
client_max_body_size 8M;
access_log /var/log/nginx/example.log;
location / {
proxy_pass http://10.10.10.110:5000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
}
location ^~ /static/ {
proxy_pass http://10.10.10.110:8888;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
#proxy_set_header Content-Security-Policy upgrade-insecure-requests;
}
我添加了add_头内容安全策略升级不安全请求如下所示:
Mixed Content: The page at 'https://a.example.com/static/' was loaded over HTTPS, but requested an insecure stylesheet 'http://cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap.min.css'. This request has been blocked; the content must be served over HTTPS.
server {
listen 80;
listen 443;
server_name a.example.com;
add_header Content-Security-Policy upgrade-insecure-requests;
if ($scheme != "https") {
return 301 https://$server_name$request_uri;
#rewrite ^ https://$server_name$request_uri? permanent;
}
ssl on;
ssl_certificate /etc/nginx/ssl/example.crt;
ssl_certificate_key /etc/nginx/ssl/example.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
gzip on;
gzip_proxied any;
gzip_types text/plain application/xml application/json;
client_max_body_size 8M;
access_log /var/log/nginx/example.log;
location / {
proxy_pass http://10.10.10.110:5000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
}
location ^~ /static/ {
proxy_pass http://10.10.10.110:8888;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
#proxy_set_header Content-Security-Policy upgrade-insecure-requests;
}
}
但它还不起作用!有人能告诉我怎么解决这个问题吗?thx:)请注意,升级不安全请求
是,例如Safari和IE
我建议您只替换代码中的HTTP请求。您可以使用/
相对于调用它的协议加载它,如下所示:
//cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap.min.css
这意味着,如果您从HTTPS上下文打开web应用程序,它将使用HTTPS协议加载,否则它将使用HTTP。这是我的chrome和nginx版本chrome
:51.0.2704.84(64位)
nginx
:1.4.6 ubuntu