亚马逊小部件和 SSL
我正在尝试将亚马逊“推荐产品”小部件嵌入到网站中。我们在网站的所有页面上使用 SSL。
不幸的是,默认情况下,Amazon 小部件是使用简单的 IFrame 嵌入的,尽管 IFrame 的源可以是 https://,但 IFrame 中的图像和链接始终是 http://
IFrame 示例代码
<iframe src="https://rcm-uk.amazon.co.uk/e/cm?t=june2k&o=2&p=16&l=st1&mode=books-uk&search=potter&f=ifr&f=ifr"
width="468"
height="336"
border="0"
frameborder="0"
style="border:none"
marginwidth="0"
marginheight="0"
scrolling="no"></iframe>
不用说,这会导致“不安全内容”警告、挂锁损坏等。
到目前为止,我能想到的唯一解决方案是使用服务器获取 IFrame 的内容,解析它并重写所有图像链接以指向本地处理程序,该处理程序又代理图像。这似乎是一种脆弱的方法,具有大量的处理开销。这太恶心了。
有人有这方面的经验吗?这里有我缺少的方法吗?我可以让亚马逊返回有效的 https:// 网址吗?
如果我将图像 URL 从 http 更改为 https,则会收到证书不匹配错误 - 图像似乎是从 Akamai CDN 提供的,并且证书的通用名称不是用于提供图像的主机名。
I'm trying to embed an Amazon "Recommended Product" widget into a website. We use SSL across all pages on the site.
Unfortunately, the Amazon widget by default is embedded using a simple IFrame and although the source for the IFrame can be https://, the images and links within the IFrame are always http://
IFrame sample code
<iframe src="https://rcm-uk.amazon.co.uk/e/cm?t=june2k&o=2&p=16&l=st1&mode=books-uk&search=potter&f=ifr&f=ifr"
width="468"
height="336"
border="0"
frameborder="0"
style="border:none"
marginwidth="0"
marginheight="0"
scrolling="no"></iframe>
Needless to say this results in "insecure content" warnings, broken padlocks, etc.
So far the only solution I've been able to come up with is to get the contents of the IFrame using the server, parse it and re-write all the image links to point at a local handler which in turn proxies the images. It seems like a fragile approach with a lot of processing overhead. It's just nasty.
Does anyone have any experience with this? Is there a method here that I'm missing? Can I get Amazon to return valid https:// urls?
If I change the image urls from http to https in-situ, I get a certificate mis-match error - it seems the images are served from the Akamai CDN and the common name for the certificate isn't the hostname used to serve the images.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
经过大量挖掘,我在 Amazon 网站上找到了该小部件的一个版本,它在 SSL 模式下运行,没有错误。
查看 IFrame src 后,该 URL 多了一个参数
internal=1。我还没有在任何地方看到这个记录,但它似乎告诉小部件从 Amazon 网络而不是 Akamai 网络提供图像,并且支持 SSL。该网址应如下所示:
After a lot of digging, I found a version of the widget on the Amazon site which ran in SSL mode without errors.
After looking at the IFrame src, the URL has an additional parameter
internal=1. I haven't seen this documented anywhere but it seems to tell the widget to serve the images from Amazon's network instead of Akamai's, and SSL is supported.The url should look like this: