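After upgrading the website to HTTPS, I ran into a problem:
Mixed Content: The page at 'https://www.hoscen.cn/xxx/xxx' was loaded over HTTPS, but requested an insecure frame 'http://dict.xxx.xxxxxx'. This request has been blocked; the content must be served over HTTPS.
Cause:
Our page is served over https, but it includes http resources (images, stylesheets, iframes, etc.).
Solutions:
Method 1: add a header to the server response: header("Content-Security-Policy: upgrade-insecure-requests");
Method 2: add a meta tag to the page with http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"
Once the browser finds this policy, whether in the response header or the meta tag, it automatically replaces http with https requests when loading http resources.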
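
An added example, not from the original post: a small Python audit that lists the http:// subresources in a page (the loads the browser blocks as mixed content, or re-requests over https once upgrade-insecure-requests is set) and reports whether the meta form of the directive is present. The tag list, the example.test hostnames and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

# Tag -> attribute that triggers a load (a subset chosen for this example).
LOAD_ATTRS = {"img": "src", "script": "src", "iframe": "src", "frame": "src",
              "audio": "src", "video": "src", "source": "src", "embed": "src",
              "object": "data", "link": "href"}
FETCHING_RELS = {"stylesheet", "icon", "preload"}  # <link> rel values that fetch

class MixedContentAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []            # (tag, original URL, URL after upgrade)
        self.has_upgrade_meta = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "content-security-policy":
            directives = [d.strip().lower() for d in a.get("content", "").split(";")]
            self.has_upgrade_meta |= "upgrade-insecure-requests" in directives
        attr = LOAD_ATTRS.get(tag)
        if attr is None:
            return
        if tag == "link" and not FETCHING_RELS & set(a.get("rel", "").lower().split()):
            return                    # e.g. rel="canonical" does not fetch anything
        url = a.get(attr, "").strip()
        parts = urlsplit(url)
        if parts.scheme.lower() != "http":
            return                    # https or relative URLs are not mixed content
        netloc = parts.netloc[:-3] if parts.netloc.endswith(":80") else parts.netloc
        self.findings.append((tag, url, urlunsplit(("https", netloc) + tuple(parts[2:]))))

def audit(html):
    """Return (meta directive present?, list of insecure subresource findings)."""
    parser = MixedContentAudit()
    parser.feed(html)
    return parser.has_upgrade_meta, parser.findings

# Constructed sample page; hostnames are placeholders.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="http://static.example.test/site.css">
<link rel="canonical" href="http://www.example.test/page">
<script src="https://cdn.example.test/app.js"></script>
</head><body>
<img src="http://img.example.test:80/logo.png"><img src="/local.png">
<iframe src="http://dict.example.test/lookup?q=a"></iframe>
</body></html>"""

if __name__ == "__main__":
    has_meta, findings = audit(SAMPLE_PAGE)
    print("upgrade-insecure-requests meta present:", has_meta)
    for tag, old, new in findings:
        print(f"<{tag}> {old} -> {new}")
```

Each upgraded URL must actually be served over HTTPS: the directive rewrites the request, but the load still fails if that host has no working HTTPS endpoint.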