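This morning, when I upgraded my Firefox browser to the latest version (from 22 to 23), some key aspects of my back office (website) stopped working.

Looking at the Firebug log, the following errors were reported: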

Blocked loading mixed active content "http://code.jquery.com/ui/1.8.10/themes/smoothness/jquery-ui.css"
Blocked loading mixed active content "http://ajax.aspnetcdn.com/ajax/jquery.ui/1.8.10/jquery-ui.min.js"

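among other errors caused by the latter of the two above not being loaded.

What does the above mean, and how do I resolve it?


Current answer

I found this blog post, which cleared up a few things. To quote the most relevant part: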

Mixed Active Content is now blocked by default in Firefox 23! What is Mixed Content? When a user visits a page served over HTTP, their connection is open for eavesdropping and man-in-the-middle (MITM) attacks. When a user visits a page served over HTTPS, their connection with the web server is authenticated and encrypted with SSL and hence safeguarded from eavesdroppers and MITM attacks. However, if an HTTPS page includes HTTP content, the HTTP portion can be read or modified by attackers, even though the main page is served over HTTPS. When an HTTPS page has HTTP content, we call that content “mixed”. The webpage that the user is visiting is only partially encrypted, since some of the content is retrieved unencrypted over HTTP. The Mixed Content Blocker blocks certain HTTP requests on HTTPS pages.

In my case, the solution was simply to make sure the jQuery includes were as follows (note the removal of the protocol):

<link rel="stylesheet" href="//code.jquery.com/ui/1.8.10/themes/smoothness/jquery-ui.css" type="text/css">
<script type="text/javascript" src="//ajax.aspnetcdn.com/ajax/jquery.ui/1.8.10/jquery-ui.min.js"></script>

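Note that a temporary "fix" is to click the "shield" icon at the top left of the address bar and select "Disable Protection on This Page", although this is not recommended for obvious reasons.

UPDATE: This link from the Firefox (Mozilla) support pages is also useful in explaining what constitutes mixed content and, as given in the paragraph above, it does actually provide details of how to display the page regardless: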

Most websites will continue to work normally without any action on your part. If you need to allow the mixed content to be displayed, you can do that easily: Click the shield icon in the address bar and choose Disable Protection on This Page from the dropdown menu. The icon in the address bar will change to an orange warning triangle to remind you that insecure content is being displayed. To revert the previous action (re-block mixed content), just reload the page.
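To find every include that needs the protocol change before the browser blocks it, a page or template can be scanned for `http://` subresources. The following is an added example, not part of the answer or of the quoted Mozilla text; the names `find_mixed_content` and `MixedContentFinder`, the tag table and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser

# tag -> (URL attribute, class). "active" loads can change how the page behaves
# and are blocked; "passive" (display) loads were not blocked by default in Firefox 23.
URL_ATTRS = {
    "script": ("src", "active"), "iframe": ("src", "active"),
    "object": ("data", "active"), "embed": ("src", "active"),
    "link": ("href", "active"),  # stylesheets only, checked below
    "img": ("src", "passive"), "audio": ("src", "passive"),
    "video": ("src", "passive"), "source": ("src", "passive"),
}

class MixedContentFinder(HTMLParser):
    """Collects http:// subresources referenced by a page served over HTTPS."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, kind, url, suggested_https_url)

    def handle_starttag(self, tag, attrs):
        if tag not in URL_ATTRS:
            return  # e.g. <a href>: navigation, not a subresource load
        a = {k: (v or "") for k, v in attrs}
        # <link> is only of interest here when rel includes "stylesheet"
        if tag == "link" and "stylesheet" not in a.get("rel", "").lower().split():
            return
        attr, kind = URL_ATTRS[tag]
        url = a.get(attr, "").strip()
        if url.lower().startswith("http://"):
            self.findings.append(
                (self.getpos()[0], tag, kind, url, "https://" + url[len("http://"):]))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page: the two includes from the question plus control cases.
SAMPLE = """<head>
<link rel="stylesheet" href="http://code.jquery.com/ui/1.8.10/themes/smoothness/jquery-ui.css">
<script src="http://ajax.aspnetcdn.com/ajax/jquery.ui/1.8.10/jquery-ui.min.js"></script>
<script src="//www.example.com/app.js"></script>
<link rel="canonical" href="http://www.example.com/">
</head><body><img src="http://www.example.com/logo.png"><a href="http://www.example.com/">x</a></body>"""

if __name__ == "__main__":
    for line, tag, kind, url, fix in find_mixed_content(SAMPLE):
        print(f"line {line}: <{tag}> {kind} mixed content: {url} -> {fix}")
```

The protocol-relative include, the canonical link and the plain hyperlink are not reported, because none of them causes an insecure subresource load on an HTTPS page.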

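Other answers

If your application server is WebLogic, make sure the WLProxySSL ON entry exists (and make sure it is not commented out) in the weblogic.conf file in the web server's conf directory. Then restart the web server and it will work.

It gives the error because of security. To fix this, use "https" instead of "http" in the website URL.

For example: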

   "https://code.jquery.com/ui/1.8.10/themes/smoothness/jquery-ui.css"
   "https://ajax.aspnetcdn.com/ajax/jquery.ui/1.8.10/jquery-ui.min.js"

I just fixed this by adding the following code to the head:

    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">

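Put the <meta> tag below into the <head> section of your document to force the browser to replace insecure connections (http) with secure connections (https). This can solve the mixed content problem if the connection is able to use https.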

<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">

If you want to block, then add the tag below to the <head> tag:

<meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">

I found that if you have problems including or mixing in a page such as http://www.example.com, you can fix it by putting //www.example.com instead.