<i id="er8bl"><thead id="er8bl"><li id="er8bl"></li></thead></i>
    1. <wbr id="er8bl"></wbr>
      <u id="er8bl"><tr id="er8bl"><samp id="er8bl"></samp></tr></u>
      1. <wbr id="er8bl"><ins id="er8bl"><p id="er8bl"></p></ins></wbr>
      2. <i id="er8bl"><sub id="er8bl"><pre id="er8bl"></pre></sub></i>
        1. <wbr id="er8bl"></wbr>
        <u id="er8bl"></u>

      3. 龍巖易富通網絡科技有限公司

        龍巖小程序開發,龍巖分銷系統

        NGINX下升級HTTPS錯誤:Mixed Content: The page at ‘https://XXX’ was loaded over HTTPS, but requested an ins

        2020.04.06 | 1936閱讀 | 0條評論 | 服務器配置

        提示或報錯:


        Mixed Content: The page at 'https://www.example.com' was loaded over HTTPS, but requested an insecure image ‘http://static.example.com/test.jpg’. This content should also be served over HTTPS.

        首先,為了解決樣式問題,我在前端頁面,引入了一個meta


        <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests" />

        等效于用PHP設置頭部


        header("Content-Security-Policy: upgrade-insecure-requests");

        這樣導致了一個問題,我的測試環境下并沒有ssl證書,因此又冒出很多問題。


        后面在nginx上做處理。一個nginx的配置


        server {

                listen       443;

                server_name  www.example.com;

                #charset koi8-r;


                error_log  /logs/nginx/error.log;

                root /var/www/www.example.com;

                index  index.php index.html index.htm;

                ssl on;

                ssl_certificate   cert/test/test.pem;

                ssl_certificate_key  cert/test/test.key;

                ssl_session_timeout 5m;

                ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;

                ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

                ssl_prefer_server_ciphers on;


                add_header  X-Frame-Options  deny;

                add_header  X-Content-Type-Options  nosniff;

                add_header  X-XSS-Protection "1; mode=block";

                add_header Strict-Transport-Security max-age=86400;

                add_header Content-Security-Policy "upgrade-insecure-requests;default-src *;script-src 'self' https://static.example.com http://static.example.com 'unsafe-inline' 'unsafe-eval';style-src https://static.example.com http://static.example.com 'self' 'unsafe-inline';frame-src 'self';connect-src 'self';img-src https://static.example.com http://static.example.com data: blob: 'self'";


                location / {

                        if (!-f $request_filename){

                                rewrite ^/(.*)$ /index.php?s=$1 last;

                                break;

                        }

                        limit_except GET POST DELETE PUT {

                                deny all;

                        }

                }



                error_page   500 502 503 504  /50x.html;

                location = /50x.html {

                                root   html;

                }


                # proxy the PHP scripts to Apache listening on 127.0.0.1:80

                #

                #location ~ \.php$ {

                #    proxy_pass   http://127.0.0.1;

                #}


                # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

                #

                location ~ \.php$ {

                                fastcgi_pass   127.0.0.1:9000;

                                fastcgi_index  index.php;

                                fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

                                include        fastcgi_params;

                }


                # deny access to .htaccess files, if Apache's document root

                # concurs with nginx's one

                #

                location ~ /\.ht {

                                deny  all;

                }

        }

        贊 (

        發表評論

        91精品久久人人妻人人爽人人_亚洲日本电影久久_九九精品插国产视频_亚洲一级二级黄片