如何摆脱 IE8 ssl 警告消息“您只想查看安全传送的网页内容吗?”使用脚本管理器?
我们的 asp.net 网站上的登录页面使用 https,而几乎所有其他页面都不使用 https。在此登录页面上,IE8用户会收到“您只想查看安全传送的网页内容吗?”信息。许多用户出于习惯而按“是”,这会破坏我们的登录页面。我知道问题源于 ScriptManager 生成的 WebResource.axd 和 ScriptResource.axd 脚本标记。
我已经尝试了引用 ScriptResource.axd/WebResource.axd 的每种方法 - 但无论我做什么,我都会收到相同的 IE8 警告 - 一些示例:
<script src='https://www.mysite.org/ScriptResource.axd?123' type="text/javascript"></script>
<script src=' /ScriptResource.axd?123' type="text/javascript"></script>
<script src=' //www.mysite.org/ScriptResource.axd?123' type="text/javascript"></script>
<script src=' ../ScriptResource.axd?123' type="text/javascript"></script>
这是 没有 axd 脚本的简单页面(没有 IE8 提示) 和 具有相同标记和单个 axd 脚本的另一个页面(生成 IE8 提示符)。
认为iis中对于axd文件可能有一些奇怪的重定向 - 我什至尝试过response.redirecting axd请求以保护global.asax中的url。 Application_BeginRequest 没有效果。
有谁知道一种方法,可以包含由脚本管理器生成的 ScriptResource.axd/WebResource.axd 脚本,而不会触发“您只想查看安全交付的网页内容吗?” IE8 消息?谢谢!
A login page on our asp.net website uses https – while almost all of our other pages do not. On this login page, IE8 users receive the “Do you want to view only the webpage content that was delivered securely?” message. Many users press “Yes” out of habit which breaks our login page. I know the problem stems from the WebResource.axd and ScriptResource.axd script tags generated by ScriptManager.
I’ve tried every method of referencing ScriptResource.axd/WebResource.axd – but no matter what I do I get the same IE8 warning – some examples:
<script src='https://www.mysite.org/ScriptResource.axd?123' type="text/javascript"></script>
<script src=' /ScriptResource.axd?123' type="text/javascript"></script>
<script src=' //www.mysite.org/ScriptResource.axd?123' type="text/javascript"></script>
<script src=' ../ScriptResource.axd?123' type="text/javascript"></script>
Here is an example of a simple page with no axd script (no IE8 prompt) and another page with the same markup and a single axd script (produces the IE8 prompt).
Thinking there might be some strange redirection in iis for axd files - I’ve even tried response.redirecting axd requests to secure urls in global.asax. Application_BeginRequest with no effect.
Does anyone know of a way to include the ScriptResource.axd/WebResource.axd scripts generated by script manager in a manner that does not trigger the "Do you want to view only the webpage content that was delivered securely?” IE8 message? Thanks!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
查看流量,发现某些东西正在将 ScriptResource.axd 的 https 请求重定向到等效的 http 请求。我不知道任何特定于 ScriptResourceHandler 的设置可以做到这一点,而且我确实知道我们一直通过 https 使用 MS AJAX 脚本,没有任何问题。我会尝试暂时删除您必须查看的任何 Application_BeginRequest 处理程序,看看它是否继续重定向。
Looking at the traffic, something is redirecting https requests for ScriptResource.axd to the http equivalent. I'm not aware of any setting specific to ScriptResourceHandler that would do this, and I do know that we use MS AJAX scripts all the time over https without issue. I would try temporarily removing any Application_BeginRequest handler you have to see if it continues to redirect.
您还必须从 SSL 加密服务器交付脚本。通过 HTTPS。出现这种情况是因为某些脚本来自非 SSL 通道。
You have to deliver your scripts from an SSL encrypted server as well. VIA HTTPS. This occurs because some of the scripts are coming from non SSL channels.
使用 Fiddler2 嗅探请求,这可能会让您更深入地了解来回传递的内容浏览器到服务器。
查看登录页面的页面加载,所有 *.axd 文件都是通过 SSL 调用的。
另请查看您的 cookie 是否在登录页面上写入/读取任何 cookie。这肯定会导致 IE8(以及我的机器上的 FF 3.67)中弹出消息。
这是我能给出的关于去哪里寻找的最佳建议。
希望有帮助。
Use Fiddler2 to sniff the request that might give you more insight on what is being passed back and forth from the browser to the server.
Looking at the page load for your log in page all *.axd files are called over SSL.
Also have a look at your cookies are you writing/reading any cookies on the log in page. This can certainly cause the pop up message in both IE8 (and consequently FF 3.67 on my machine).
That's the best advice I can give as to where to look.
Hope it helps.
不确定您是否看过此页面。它讨论了使用 Fiddler 来解决问题(向下滚动到最后)。
Internet Explorer 8 混合内容处理
Not sure if you have looked at this page. It talks about using Fiddler to troubleshoot the issue (scroll down towards the end).
Internet Explorer 8 Mixed Content Handling