IE警告解决方法? 包含安全和不安全项目的页面
我有一个在 URL 中使用“https”进行安全查看的页面,该页面还包含用于播放 YouTube 视频的 YouTube 网址。 由于 youtube URL 包含“http”而没有“s”,IE 会给出一个警告对话框“此页面包含安全和不安全的项目”。
有没有办法可以在 Javascript 中解决这个问题? 也许在页面加载后使用函数生成 YouTube 播放器 HTML? 该网址仍然必须以“http://”开头
编辑:感谢大家迄今为止的输入! 我知道这听起来不可能。 如果有一些条件注释或其他内容,我会很高兴,这样我就可以告诉 IE 隐藏此对话框。 这让我们的客户感到困惑,因为世界上大部分地区都在 IE 中,而 FF 的行为要好得多,因为它会告诉您是否单击损坏的锁,而不是烦人的弹出窗口。 这就像新版本的“你的程序执行了非法操作”。 (用户向警方隐藏)我将 youtube 视频嵌入到 src 来自 youtube 的页面上。 我正在使用他们的播放器,因为它是由他们托管的。 我认为没有办法摆脱这种情况。
我想我的解决方法是仅将 HTTPS 应用于非常敏感的页面(密码更改、登录),并在所有其他页面中使用 HTTPS,这样 YouTube 视频就不会出现此弹出窗口。 我使用 PHP,担心如果这样做的话 SESSION 会被破坏,但我想这是唯一的方法,并且会等待周一解决这个问题。
I have a page that is viewed secured with 'https' in the URL, that also contains youtube urls to play video from youtube. Since the youtube URL contains 'http' with no 's' IE is giving an a warning dialog of "This page contains both secure and non-secure Items."
Is there a way I can workaround this in Javascript? Maybe after the page loads generate the youtube player HTML with a function? The url will still have to begin with 'http://'
EDIT: Thanks everyone for the input so far! I know this sounds impossible. I'd be happy if there was some conditional comment or something so I can tell IE to suppress this dialog box. It confuses our customer since most of the world is in IE, FF has much better behavior in that it tells you if you click the broken lock, but not an annoying popoup. This is like a new version of "your program has performed an illegal operation." (user hides from police) I am embedding youtube video onto the page where the src is from youtube. I am using their player, as it is hosted by them. No way out of this that I see.
I guess my fix is to only apply HTTPS to the very sensitive pages (password change, login) and come out of it in all others so youtube videos don't give this popup. I am in PHP and am worried the SESSION will get clobbered if I do this but I guess it is the only way around and will wait to tackle that bear monday.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(10)
为了解决这个问题,我所做的一件事是在我的 SSL 站点上创建一个页面来代理第 3 方资源。 这样客户端只能看到 SSL URL。
例如,您的 Flash 播放器可以指向 URL“https://YourSite.com/proxy.aspx?URL=http://www.youtube.com/video.swf"。 当调用“proxy.aspx”时,它将向查询字符串中的 URL 发出新的 Web 请求,并将数据返回给客户端。
如果您这样做,您需要验证代理 URL 或使用某种 ID,以便 URL 无法更改,因为您要让浏览器相信此内容是可信的。
One thing I've done to work around this problem is to create a page on my SSL site that proxies in the 3rd party resource. That way the client only sees SSL URLs.
For example, you flash player could point to the URL "https://YourSite.com/proxy.aspx?URL=http://www.youtube.com/video.swf". When "proxy.aspx" is called, it would make a new web request to the URL in the query string and return the data to the client.
If you do this you need to validate the proxied URL or use some kind ID so that the URL can not be changed since you are convincing the browser that this content is trusted.
我已经使用以下方法在所有浏览器上解决了这个问题:
1)使用快照上的“播放图像”标签创建视频开头的缩略图,并将图像托管在您自己的 https 服务器上。 将缩略图嵌入您想要视频的位置。
2) 当用户单击图像时,调用 Javascript onclick 处理程序来创建一个新窗口,其中包含 http 嵌入的 youtube 视频的 href。
3) 视频现在将出现在主页的弹出窗口中。
我通常使用视频作为我的网站的教程,因此将视频放在弹出浏览器窗口中效果很好,因为它可以与主要内容一起查看,并让用户可以跟随网站进行操作。 浏览器甚至不会发出重定向警告,表明您正在从 https 站点调用 http 弹出窗口,因此您的用户不会在任何浏览器上看到任何“可怕的”非安全项目警告。
希望这会有所帮助,我的网站着陆页上有上述示例:https://drchrono.com/
更新:我通过拍摄正在播放的视频的屏幕截图来制作图像预览。
I've worked around this problem on all browsers using the following:
1) Create a thumbnail image of the start of the video with the "Play image" tag on the snapshot and host the image on your own https server. Embed the thumbnail where you want the video to be.
2) When the user clicks on the image invoke a Javascript onclick handler to create a new window with the href of the http embedded youtube video.
3) The video will now appear in a popup of the main page.
I usually use videos as tutorials for my site, so having the video in a popup browser window works well because it can be viewed alongside the main content and lets the user follow along with the site. The browsers do not even give a redirect warning that you are invoking an http popup from an https site, so your users will not see any "scary" non-secure item warnings on any browsers.
Hope this helps, I have an example of the above on the landing page of my site: https://drchrono.com/
UPDATE: I made the image preview by taking a screenshot of the playing video.
根据这篇最近的 YouTube API 博文 ,嵌入式YouTube视频已经支持通过HTTPS访问。 如果是这种情况(我还没有测试过,但同样我没有理由不相信它们),那么您应该能够将“s”粘贴到您的嵌入 URL 中,它就会正常工作。
According to this quite recent YouTube API blog post, embedded YouTube videos already support access via HTTPS. If this is the case, (and I haven't tested it, but equally I have no reason to not believe them), then you should just be able to stick the "s" into your embed URL and it will work just fine.
如果有办法解决的话,这将是 IE 中的一个安全缺陷,微软会修补它,所以我认为你不会逃脱混合内容和没有警告的情况。
唯一的选择是您自己托管 FLV。 有许多基于 SWF 的优秀 FLV 播放器可供使用。
If there was a way around it would be a security flaw in IE and Microsoft would patch it, so I don't think you're going to get away with mixed content and no warning.
The only alternative is to host the FLVs yourself. There are a number of good SWF based FLV players available.
安全网页上存在不安全链接是一个几乎没有解决方法的问题。 一种选择是当用户通过 https 连接时排除页面上的特定内容。 通过这种方式,非安全页面加载将显示内容,而安全页面加载将不会显示内容:
我已经使用此方法取得了很大成功......希望这会有所帮助。
Having insecure links on a secure web page is an issue that has little workaround. One option is to exclude specific content on your page when a user connects via https. In this way a non-secure page load would display the content and a secure page load would not display the content:
I have used this method with much success... Hope this helps.
我也遇到过同样的问题并找到了解决方案。
它无需关闭 SSL 认证即可工作。
分步说明修复Google chrome指南
您可以查看下面列出的修复页面。 它有 YouTube、Flickr 和许多其他网站的链接。 它是安全的,并且已经存在了几个月了。 希望它也能帮助你。
I have had this same problem and found a solution.
It works without having to turn of SSL certification.
Step by step guide to fix Google chrome
You can view the fixed page listed below. It has links to YouTube,Flickr and many other websites. It is secure and has been for a few months now. Hope it helps you too.
Apache httpd 服务器的 mod_rewrite 模块可用于在 SSL 安全页面上嵌入 YouTube 视频而不会出现任何错误,详细信息请参阅 Adam Mershon 的博客。
它涉及设置重写规则以将 SSL 域内的路径重定向到非 SSL YouTube:
.htaccess
因此,您可以在 HTML 中嵌入看似来自您自己的域的 YouTube 链接 URL,例如:
The mod_rewrite module of the Apache httpd server can be used to embed YouTube videos on SSL secure pages without any errors, as detailed on Adam Mershon's blog.
It involves setting up a rewrite rule to redirect a path within the SSL domain to non-SSL YouTube:
.htaccess
So that inside your HTML you can embed YouTube link URLs appearing to be from your own domain, such as:
使用 Javascript 替换 URL 不起作用。 IE7 拦截内容,然后拦截警告。
我尝试使用 (jQuery) $(function() { }); 它有点有效。 您可以在对话框中单击“是/否”,内容仍然会加载。
Using Javascript to replace the URL does not work. IE7 intercepts the content, and thereafter, the warning.
I tried using (jQuery) $(function() { }); it sortof works. You can click yes/no to the dialog, the content will load nonetheless.
这在我的世界里是一个严重的问题。 它赢得了用户对我的工作的评论,例如“它不方便使用”、“它坏了”或“它杀死了我的小猫”。
代理解决方案可能是唯一即将推出的伪修复程序。 只是这显然也不是一个完美的解决方案。
我尝试通过尽可能多地在 https 上运行我的网站来更好地导航。 显然 youtube 的情况并没有因此得到解决。
IE,真是一群愚蠢的、充满恐惧的可憎软件。 我希望 IE9 真的像看起来那样好得多。 只是,不支持 XP 意味着,嗯,有点像它从未发布过。 作为最n00biest的用户,会不知不觉地对现状进行写保护,直到2247年XP驱动的中国天网最终给我们喂食红色药丸......
This is a severe problem in my world. It earns my work comments from users like "It's not user-friendly", "It's broken" or "It killed my kitten".
The proxy solution probably is the only pseudo-fix that's gonna roll. Just that it's clearly not a perfect solution either.
I try to navigate this a bit better by running as much of my sites on https as I can. Obviously the youtube case isn't fixed by that.
IE, what a silly hunk of FUD-pushing abominationware. I hope IE9 really is as vastly better as it seems. Just, not supporting XP means, well, it's sort of like it was never released. As the n00biest of users, will unwittingly write-protect the status quo until the XP-powered Chineese Skynet of 2247 finally feeds us the red pill...
您的问题发生在使用 Https 抓取主页,同时使用 http 抓取一个或多个包含的文件(图像、javascript、css 等)。 将 http url 修复为 https。
Your problem occurs become the main page is grabbed using Https whilst one or more included files ( images, javascript, css etc ) is fetched using http. Fix the http url to be https.