为什么我的网站上同时有 HTTPS 和 HTTP 链接,需要它们都是安全的!
我收到安全警报:“您将被定向到不安全的连接。您发送到当前站点的信息可能会传输到不安全的站点。是否要继续?”当我尝试以客户身份登录我的客户 oscommerce 网站时。我注意到状态栏中的链接从 https 前缀变为不安全的 http 前缀。该网站有 SSL 证书,那么如何确保网站的整个商店部分定向到安全网站?
I am getting the security alert: "You are about to be directed to a connection that is not secure. the information you are sending to the current site might be transmitted to a non-secure site. Do you wish to continue?" when I try to login as a customer on my clients oscommerce website. I noticed the link in the status bar goes from a https prefix to a nonsecure http prefix. The site has a SSL certificate, so how do I ensure the entire store portion of the site directs to the secured site?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
页面的某些部分(最常见的是图像或脚本)可能会以不安全的方式加载。您需要在浏览器的“查看页面源代码”视图中一一查看它们并消除原因(最常见的是指向
http://的配置设置)。您可能嵌入到网站中的一些外部工具(例如 Google Analytics)可以通过
https://包含在内,有些则不然。在这种情况下,您可能必须从安全站点中删除这些工具。如果您无法切换所有设置,请尝试使用相对路径
,但首先是使用浏览器的源代码视图来识别非安全元素。
从
https://页面立即重定向到http://页面不会导致您所描述的警告。你能具体说明这是怎么回事吗?It is likely that some parts of the page, most often images or scripts, are loaded non-secure. You'll need to go through them in the browser's "view page source" view one by one and eliminate the reason (most often, a configuration setting pointing to
http://).Some external tools like Google Analytics that you may be embedding on your site can be included through
https://, some don't. In that case, you may have to remove those tools from your secure site.If you can't switch all the settings, try using relative paths
but the first thing is to identify the non-secure elements using the source code view of your browser.
An immediate redirection from a
https://page to ahttp:/one would not result in a warning as you describe. Can you specify what's up with that?使用 Fiddler 并浏览您的网站,在列表中应该可以清楚地看出哪些内容正在使用 HTTP 和 HTTPS。
Use Fiddler and browse your site, in the listing it should become evident what is using HTTP and HTTPS.
确保通过 https 包含以下内容:
如果您确信自己的内容没有通过 http 包含,请检查跟踪像素和其他第三方小工具等内容。
编辑:现在您已经链接了您的页面,我发现您的
更改为:
Ensure that the following are included over https:
If you're confident none of your own stuff is included over http, check things like tracking pixels and other third-party gadgets.
Edit: Now that you've linked your page, I see that your
<base>tag is the problem:Change to:
如果 Pekka 的建议不适合您的需求,您可以尝试使用基于架构(http 或 https)的相对链接:
例如,
此技术的唯一问题是它不适用于所有浏览器中的 CSS 文件;尽管它确实可以在 Javascript 和内联 CSS 中工作。 (我在这里可能是错的;有人想检查吗?)。
例如,以下内容:
...可能会失败。
对源代码进行简单的查找/替换可能很容易。
If the suggestion from Pekka doesn't suit your needs you can try using relative links based on the schema (http or https):
e.g.,
The only problem with this technique is that it doesn't work with CSS files in all browsers; though it does work within Javascript and inline CSS. (I could be wrong here; anyone want to check?).
e.g., the following :
...might fail.
A simple Find/Replace on your source code could be easy.
在我看来,您提交的 HTML 表单被硬编码为发布到非安全页面。
It sounds to me like the HTML form you are submitting is hardcoded to post to a non-secure page.