当我通过 HTTP 加载包含 HTTPS 远程 javascript 的页面时收到 ActiveX 警告
所以基本上我有一个通过 http 加载的基本页面。
在这个应用程序中,我想包含一个远程托管的 JS 文件。目前,当我加载页面时,我总是收到有关安全的活动 X 警告。我几乎尝试了所有可能的方法来包含 Javascript 文件(jquery.getScript、以编程方式创建节点、转义字符等等)。
JS 文件本身位于 HTTPS 上的域上,但证书无效(显然指向其他地方)。 (这是我们的 QA 服务器)。我无权访问服务器,因此无法修改服务器端的任何内容。
如果我单击警告并选择“显示阻止的内容”,JS 文件仍然不会加载。
警告栏本身说:
为了帮助保护您的安全,Internet Explorer 已阻止此行为 网站显示安全证书错误的内容。点击 这里有选项...
选项有:
- 显示被阻止的内容
- 有什么风险?
- 信息栏帮助
如果我转到 javascript 文件本身,我会收到此警告:
该网站的安全证书有问题。
本网站出具的安全证书是为不同网站的地址。
安全证书问题可能表明有人试图欺骗您或 拦截您发送到服务器的任何数据。我们建议您 关闭该网页并且不要继续访问该网站。点击这里 关闭该网页。继续访问此网站(不推荐)。
有办法解决吗?
So basically I have a basic page that is loaded via http.
Inside this application I want to include a remotely hosted JS file. Currently when I load the page I always have the active X warning about security. I pretty much tried every possible way to include th Javascript file (jquery.getScript, creating a node programmatically, escaping characters and all that stuff).
The JS file itself is on a domain that is on HTTPS but that the certificate is not valid (pointing somewhere else apparently). (It's our QA server). I do not have access on the server and therefore am not able to modify anything server side.
If I click on the warning and select "Display blocked content" the JS file is still not loaded.
The warning bar itself says :
To help protect your security, Internet Explorer has blocked this
website from displaying content with security certificate error. Click
here for options...
Options are :
- Display blocked content
- What's the risk ?
- Information bar help
If I go to the javascript file itself I have this warning :
There is a problem with this website's security certificate.
The security certificate presented by this website was issued fora different website's address.
Security certificate problems may indicate an attempt to fool you or
intercept any data you send to the server. We recommend that you
close this webpage and do not continue to this website. Click here
to close this webpage. Continue to this website (not recommended).
Is there a way to make a workaround ?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
此消息:“此网站提供的安全证书是为其他网站的地址颁发的”表示您用于访问该网站的 URL/主机名不是该网站的 URL/主机名该网站有证书。如果您在启用 HTTPS 解密的情况下运行 Fiddler (www.fiddler2.com),您将收到一个弹出警报,更清楚地解释这种不匹配情况(具体来说,通过显示服务器期望您的主机名)正在使用)。然后,您可以更正标记以使用正确的主机名引用站点,这将更正证书错误并使问题消失。
This message: "The security certificate presented by this website was issued for a different website's address" means that the URL/hostname that you're using to access the site isn't the URL/hostname for which the site has a certificate. If you run Fiddler (www.fiddler2.com) with HTTPS-decryption enabled, you'll get a popup alert that explains this mismatch more clearly (specifically, by showing you what Hostname the server is expecting you to be using). You can then correct your markup to refer to the site using the correct hostname, which will correct the certificate error and make the problem go away.