发表新帖
发表新帖

Find out what resources are not going over HTTPS

前端 未结
关注
13 2145
花落未央
花落未央 2020-12-08 12:49

I have an ASP.NET site which should transport completely over HTTPS. However, in Google Chrome I get a warning that the page includes resources which are not secure. How can

相关标签:
13条回答
  • 甜味超标
    2020-12-08 13:06

    Usually this occurs because you are loading Images, javascript include files or external CSS files without using https. You can use a program such as FireBug: http://getfirebug.com/

    FireBug will tell you how your elements are loading and which aren't going through the ssl layer. If you don't have firefox, then I am pretty sure Chrome also has something similar to FireBug built in.

    Here's how to use firebug:

    1. Open firebug
    2. Click on the Console Tab
    3. Reload the page
    4. Any https errors will show in the console and tell you which resource is not working.

    Hope this helps

    0 讨论(0)
  • 情话喂你
    2020-12-08 13:06

    We've scratched our own itch and wrote a tool that crawls your web-site and tells you what pages have non-SSL resources on them. You just need to enter the root URL of your web site – no need to check every page manually.

    http://www.jitbit.com/sslcheck/

    0 讨论(0)
  • 借酒劲吻你
    2020-12-08 13:06

    In Chrome, you can find out which resources were loaded via http versus https by doing the following:

    1) In Wrench menu, choose Tools > Developer tools

    2) Click on "Resources" toolbar icon

    3) Expand the Frames folder to see the different pages. Expand the page whose resources you want to see. The individual Resources for the page are then listed, broken down by Images, Scripts, and Stylesheets

    4) To see the URL that was used to load that resource, just hover the mouse over the resource name and the URL will appear, either with http or https. You can also click on an image name to see the image on the right side, along with its URL

    0 讨论(0)
  • 执笔经年
    2020-12-08 13:10

    I just discovered same behaviour in chrome (firefox showed a green lock), even though all resources were loaded via https.

    The reason in my case was that the server supported broken (google poodle) SSLv3.

    Setting ssl_protocols to exclude SSLv2 in nginx.conf like so

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE

    fixed the problem for me.

    I consider it unfortunate that chrome doesn't make this reason more transparent. "this page loads some resources insecurely" is very misleading if not wrong.

    0 讨论(0)
  • 灰色年华
    2020-12-08 13:14

    To add to this I right-clicked on the column headings in the Network tab view and selected Protocol.

    If you then click on the Protocol heading, the contents of the report will be grouped by HTTPS, etc

    0 讨论(0)
  • 梦如初夏
    2020-12-08 13:15

    I've just had this problem in Chrome also. I checked in the Network tab but all resources were loaded over https.

    Solution: close Chrome and re-open.

    Chrome must cache its secure-content detection so that even when you fix the problems the insecure content message won't disappear.

    0 讨论(0)
 看不清?
提交回复
热议问题