为什么已经通过 http 获取文件后还要通过 https 请求?

发布于 2024-08-28 01:23:44 字数 213 浏览 4 评论 0原文

我试图更好地理解 Http/Https 以及我向客户端发送的标头。

当已经在 Http 下获取相同的文件时,客户端是否必须在 Https 下重新获取该文件,或者我是否需要发送特殊标头?

嗯,该文件通过 http/https 提供的原因是它只是一个横幅。当用户转到安全页面时,横幅仍位于该特定模板中。一旦用户通过 Https 获取文件,该文件就会按预期缓存。

沃尔特

I am trying to understand Http/Https a little better and possibly what headers I'm sending clients.

Does the client have to re-fetch the same file under Https when it has already been fetched under Http, or do I need to send special headers?

Well, the reason the file is served over http/https is that it is simply a banner. When the user goes to a secure page, the banner is still in that particular template. Once the user does get the file via Https, the file is cached as expected.

Walter

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

野却迷人 2024-09-04 01:23:44

https 被视为与 http 不同的“域”,因此,如果您通过 http 连接向客户端发送文件,则切换到 https(即使您不这样做)更改任何其他内容)浏览器仍会再次请求该文件 - 就好像该文件不在缓存中一样。就像您请求 http://www.example1.com/file.txt 并且那么 http://www.example2.com/file.txt 可能是“相同" 文件,但浏览器不知道,因此必须再次获取它。

不过,一旦通过 https 请求,它就会正常缓存。

https is considered a different "domain" from http and so if you send a file to a client over a http connection, then switch to https (even if you don't change anything else) the browser will still request the file again - as if the file wasn't in the cache. It's just like if you requested http://www.example1.com/file.txt and then http://www.example2.com/file.txt the might be the "same" file, but the browser doesn't know and so it's got to fetch it a second time.

Once it's requested it via https, though, it'll cache as normal.

╭⌒浅淡时光〆 2024-09-04 01:23:44

您不需要再次获取文件(而且绝对不应该)。

HTTPS 是 HTTP 与 SSL/TLS 的结合。它创建了一个安全连接,有助于防止窃听和中间人攻击。

您不需要通过安全通道再次获取它 - 无论是否通过加密通道获取,内容都将是相同的。

如果您通过安全通道第二次获取内容,有人可能仍然在第一次“监听”并看到您获取的数据。如果第二次与第一次没有任何关系,则进行获取操作。

如果您需要 HTTPS 的更高安全性,则根本不要通过非加密 HTTP 获取文件,因为它不安全,因此不受保护。

无需先执行 HTTP 然后 HTTPS 请求,只需执行一个 HTTPS 即可。

You don't need to fetch the file again (and definitely shouldn't).

HTTPS is HTTP combined with SSL/TLS. It creates a secure connection which can help prevent eavesdropping and man in the middle attacks.

You don't need to fetch it again over a secure channel - the content will be the same whether fetched via an encrypted channel or not.

If you fetch the content for a second time over a secure channel, someone could have still 'listened in' the first time and seen the data you fetched. The act of fetching if the second time is in no way connected to the first time.

If you require the added security of HTTPS, don't fetch the file over non encrypted HTTP at all, as it will not be secure and thus not protected.

There is no need to do an HTTP then HTTPS request, just do one HTTPS.

ペ泪落弦音 2024-09-04 01:23:44

网站可以通过 HTTP 和 HTTPS 传递不同版本的文件,因此浏览器必须将它们视为独立的。

所有内容均通过 URL 进行缓存。由于 URL 包含协议,因此文件的 HTTP 和 HTTPS 版本将有单独的缓存条目。

避免这种情况的方法是始终提供文件的 HTTPS 版本。您不能使用 HTTP 版本的安全页面,否则您会遇到 IE 可怕的混合内容警告:

http://blog.httpwatch.com/2009/04 /23/fixing-the-ie-8-warning-do-you-want-to-view-only-the-webpage-content-that-was-delivered-secured/

A website could deliver different versions of a file over HTTP and HTTPS so the browser has to treat them as being separate.

All content is cached by URL. Since the URL contains the protocol, there will be separate cache entries for the HTTP and HTTPS version of a file.

The way to avoid this is to always deliver the HTTPS version of a file. You can't use the HTTP version of a secure page or you run into IE's dreaded mixed content warning:

http://blog.httpwatch.com/2009/04/23/fixing-the-ie-8-warning-do-you-want-to-view-only-the-webpage-content-that-was-delivered-securely/

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文