如何让 PHP 网站同时支持 HTTP 和 HTTPS?
我有一个网站,其编写假设 http:// 永远是唯一的协议。现在我购买了 SSL 证书,但是当我访问使用 https:// 调用它的网站时,我在浏览器中收到信息,表明网站的一部分不安全。我发现我有一些 JS、CSS 以及图像和文件,我在网站的 HTML 中使用 http:// 引用它们。
那么启用完整 https 的最佳实践是什么?当我引用图像、CSS 或 JS 时,是否应该在每个地方更改我的网站,检查网站是否加载了 http 或 https,并根据协议加载资源?这对我来说似乎是一项繁重的工作,而且容易出错。有没有其他更简单的方法让整个网站完全安全?
I have a website that was written assuming http:// is one and only protocol forever. Now i bought a SSL certificate but when i visit site calling it with https:// i get info in browsers that part of site is insecure. As i found i have some JS, CSS and images and files that i refer to using http:// in the HTML of the site.
So what is best practice to enable full https? Should i change my website in every place when i refer to image, CSS or JS, check if site was loaded with http or https and load the resource with according protocol? It seems like a lot of work for me and bit error prone. Is there any other way, easier to make the whole site fully secure?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
而不是使用 http://yoursite.com/css/file.css 链接到您的 css、js 和图像 只需使用相对路径,例如 /images/image.jpg 和 /css/file.css,这样它就可以与 http 和 https 一起使用,而且如果您更改域或将内容复制到另一个域,您应该'也不必更改所有这些链接。
Rather than linking to your css, js, and images with http://yoursite.com/css/file.css just use relative paths such as /images/image.jpg and /css/file.css this way it will work with both http and https, also if you change domains or copy your content to another domain, you shouldn't have to change all those links either.
使用相对路径。如果您指向的内容与您的网站位于同一网站上,那么您不应该使用 http://
如果由于某种原因您仍然需要 http:// 那么只需将它们全部切换为 https:// 即可。 http:// 永远不会抱怨,因为它指向 https:// 内容,但 https:// 页面如果指向非 https 内容就会抱怨。
如果您指向无法控制的内容(例如在另一个网站上),那么您需要希望可以通过 https 获取该内容。如果不能,那么您就完蛋了,您要么需要忍受错误,从其他地方获取内容,要么通过您自己的 https 连接代理内容。
Use relative paths. If you are pointing to something that is on the same site as yours, then you should not be using http://
If for some reason you still need to have http:// then just switch them all to https://. An http:// will never complain because it is pointing to https:// stuff, but an https:// page will complain if it is pointing to non-https stuff.
If you are pointing to content outside of your control, on another site for example, then you need to hope that you can get at that content via https instead. If you can't, then you're hosed and you either need to live with the error, get the content from somewhere else, or proxy the content through your own https connection.
为了补充 @drew010 的答案,您可以使用其他域并仍然使用
//引用当前协议,例如:后一个示例将指向
https://..< /code> 来自https://your-site.com和http://...来自http://your-site.com代码>.To complement @drew010 's answer, you could use other domains and still refer to the current protocol with
//, something like:The latter example will point to
https://..fromhttps://your-site.comandhttp://...fromhttp://your-site.com.最佳实践是使用相对路径而不是绝对路径,但有时绝对路径是更好的选择,因此您可以执行以下操作:
正如我可以想象的那样,您有一个名为 config.php 或 common.php 的文件(一个存储常用的文件) vars 并且您将其包含在每个页面中),因此将此代码放在那里:
然后您可以分配一个名为
$http的 var 来获取函数的值,例如:$http = selfURL();然后每当你想包含图像、CSS 等内容时,请执行以下操作:
此方法非常可靠,因为它在任何情况下都有效。
the best practice would be either using relative path rather than absolute but sometimes absolute is a better option so you can do the following :
as I can imagine you have a file called config.php or common.php (a file that stores your common used vars and you include it in every page), so put this code there :
and then you can assign a var called
$httpto get the value of the function like :$http = selfURL();and then whenever you want to include anything like images, css, etc do something like :
<img src="<?=$http?>images/sample.png" />this method is reliable as it works in any situation.