使用 Internet Explorer 在启用 SSL 的网站上显示图像

发布于 2024-09-30 05:38:57 字数 130 浏览 3 评论 0原文

实施 SSL 后,我的网站出现图像不显示的问题。场景是图像来自 images.domain.com(托管在 Amazon S3 上),而我的证书适用于 www.domain.com。

这个问题似乎只发生在IE中,其他浏览器中没有。

I have a problem with my site after implementation of SSL that images do not appear. The scenario is that images come from images.domain.com (hosted on Amazon S3) and my certificate is for www.domain.com.

This problem only seems to happen in IE and not in any other browsers.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

笨死的猪 2024-10-07 05:38:57

该问题与“混合内容”相关 - HTTPS 页面嵌入了 HTTP 资源(图像、脚本等)。

使用 HTTPS 的目的是确保只有原始服务器和客户端才能访问受保护的页面。然而,理论上,如果嵌入 HTTP 资源,这种安全性可能会受到损害 - 服务器可能会拦截不安全的 JavaScript 文件并注入一些代码来更改安全页面的加载。

大多数浏览器会通过更改“安全锁”图标来指示安全页面包含混合内容,方法是将锁显示为打开或损坏,或者将图标设为红色(Chrome 会短暂显示骷髅头和交叉骨,但它们意识到这对于潜在威胁级别来说有点严重)。

Internet Explorer(取决于版本)将显示一条消息,询问是否应显示不安全内容(IE<=7),或者是否仅应显示安全内容(IE>=8)。听起来您似乎以某种方式禁用了此消息以始终隐藏不安全的内容,但这不是默认行为。

我认为最适合您的解决方案是将 S3 链接替换为 HTTPS 版本。

The issue is related to "mixed content" - HTTPS pages which have HTTP resources (images, scripts, etc) embedded.

The point of using HTTPS is to ensure that only the originating server and the client have access to the secured page. However, in theory it might be possible for this security to be compromised if HTTP resources are embedded - a server might intercept an unsecured javascript file and inject some code to alter the secured page onload.

Most browsers will indicate that a secure page has mixed content by altering the "secure lock" icon, either by showing the lock as open or broken, or by making the icon red (Chrome displayed a skull and crossbones for a short time, but they realised that this was a bit serious for the potential threat level).

Internet Explorer (depending on the version) will display a message either asking whether the insecure content should be shown (IE<=7), or whether only the secure content should be shown (IE>=8). It sounds like you have somehow disabled this message to always hide the insecure content, however that's not the default behaviour.

I think the best solution for you is to replace your S3 links with HTTPS versions.

时光瘦了 2024-10-07 05:38:57

我不是一个 Web 开发人员,但经常处理 IE 的垃圾体验。我不确定您使用的是什么版本,但您没有通配符 SSL 证书(即 *.domain.com),那么这是否与 3rd 方图像中的老式限制有关?

请参阅这里了解我上面提到的内容以及IE 如何缓存跨域 HTTPS 内容,特别是图像。我不确定解决方案是什么,但我很好奇,所以我自己研究了一些,这可能会有所帮助。

I am not a web developer, but someone who often deals with the crap experience that is IE. I am not sure what version you are using, but you do not have a wildcard SSL cert (i.e. *.domain.com), so does it have something to do with an old-school limitation in 3rd party images?

See here for what I allude to above and a very good explanation of how IE caches cross-domain HTTPS content, specifically images. I am not sure what the solution is, but I was curious so I researched a little myself and this might help.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文