SSL iframe 嵌入其他网站
来自具有 SSL 证书的域的 Iframe 将嵌入到其他站点 (foo.com)。
- foo.com 必须有 SSL 证书吗?
- 如果foo.com有SSL证书,会出现安全错误吗? foo.com 有 foo.com 的 SSL 证书,但 iframe 域有其他 SSL 证书。
- 如果foo.com没有SSL证书,会出现安全错误吗?
Iframe from domain with SSLcertificate will be embedded on other site (foo.com).
- Must foo.com have SSL cerificate?
- If foo.com has SSL certificate, will it be an security error? foo.com has SSL certificate for foo.com, but iframe domain has other SSL certificate.
- If foo.com hasn't got SSL certificate, will it be an security error?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
摘要
在主页和 iframe 页面之间拥有不同的证书不是问题。
在
http://
页面上嵌入带有的
https://
页面不是问题。但是,如果您运行的
https://
安全页面通过http://
嵌入非安全页面,那么您可能会得到类似这样的信息 (Internet Explorer) :这取决于浏览器及其设置。例如,在 IE 中,您可以将其关闭:
Summary
Having different certificates between the main page and iframed pages is not a problem.
Embedding
https://
pages with<iframe />
on ahttp://
page is not a problem.However, if you are running a
https://
secured page that embeds non-secure pages viahttp://
, then you might get something like this (Internet Explorer):It depends on the browser and its settings. For example, in IE you can turn this off:
查看 iFrame 的最佳方式是将其视为几乎独立的浏览器。如果 foo.com 不是 SSL,但 iFramed 站点是 SSL,您将不会收到任何错误。
如果您对此进行切换,其中 foo.com 有 SSL 而 IFramed 站点没有,您可以从浏览器收到有关混合内容的安全警告。
The best way to look at an iFrame is to see it as almost a separate browser. In the case of foo.com not being SSL but the iFramed site being SSL you will not get any errors.
If you switch this around, where foo.com has SSL and the IFramed site doesn't, you can get a security warning about mixed-content from the browser.
如果两个网站使用不同的 SSL 证书也没有关系。但是,如果嵌入 iframe 的网站未受 SSL 保护,即使嵌入 iframe 的网站受 SSL 保护,您也会收到部分加密的错误消息。我只知道这一点,因为这就是我现在正在处理的事情。在我删除了没有 SSL 保护的 iframed 网站后,我的网页才得到安全保护。
It does not matter if the two websites use different SSL certificates. However, if the website that is being iframed is not SSL protected you will get a partially encrypted error message even if the website with the iframe embedded on it is SSL protected. I only know this because this is what I am dealing with right now. My web page was only secured after I took out the iframed website that did not have SSL protection.
虽然主网站(包含 iframe)不必使用 SSL,但确实应该使用 SSL,至少在安全性是一个问题的情况下(这是使用 SSL 的重点)。
不这样做会阻止用户检查 iframe 是否确实安全地提供服务以及它来自哪个站点,这使得 SSL 的使用毫无用处。 (示例此处。)
While the main website (which contains the iframe) doesn't have to be using SSL, it really should, at least if security is a concern (which is the point of using SSL).
Not doing so prevents the user from checking that the iframe is indeed served securely and from which site it's from, which makes its usage of SSL useless. (Examples here.)