mixed-content

问题 I'm working on a project which requires HTTPS, so I startup a HTTPS server with self-signed certificate. I also have an HTTP API Server with CORS enabled. I'm able to fetch API request on Chrome. Here the header of preflight response(with HTTP status code 204): Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: appversion,channel,content-type,language Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE Access-Control-Allow-Origin: https://localhost:3001 Connection:

问题 I have a html5 page with var connection = new WebSocket('ws://foo.bar:8888'); But I get an error Mixed Content: The page at 'https://foo.bar/' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://foo.bar:8888/'. This request has been blocked; this endpoint must be available over WSS. I understand that, but I can't serve a Secure Websocket. Is there any way to make this work, except starting chrome with --allow-running-insecure-content or something like that

问题 I am working on a .Net core web app which is using esri services /resources. The app will eventually be hosted on the client's server. We have esri resources hosted on our servers and other esri resources hosted on their servers. For whatever reason, they refuse to use SSL and we do use SSL so I now have an Mixed content: The page at https://app.smt.smt was loaded over HTTPS but requests and insecure XMLHttpRequest endpoint. This request has been blocked; the content must be served over HTTPS

问题 I have a https site and need to show content from other sites that may or may not be themselves https. Predictably enough, I'm getting warning messages like this in the console... "Mixed Content: The page at 'https://www.example.com/' (my server) was loaded over HTTPS, but requested an insecure image 'http://www.aninsecuredomain.com/image.jpg'. (not my server) This content should also be served over HTTPS." (not to the mention the fact that I no longer see the little padlock displayed

问题 Mixed content isn't blocked for potentially trustworthy origins, including IP addresses from 127.0.0.0 to 127.255.255.255. Can browsers be configured to block mixed content for such addresses? This would make local testing easier. 回答1: I have found no browser settings to treat potentially trusted domains as untrusted, BUT here are several options to make 127.0.0.1 and untrusted domains behave the same, or to generate a report of items that would normally generate a warning. XHR For XHR,

问题 I'm having the SSL warning messages all over my website after switching to SSL for several assets: Mixed Content: The page at 'https://example.com' was loaded over HTTPS, but requested an insecure script 'http://example.com/script.js'. This request has been blocked; the content must be served over HTTPS. I checked the page source, every single script/css is requested over https. I even checked the dynamically created html by using the code inspector. I disabled Javascript in case a script was

问题 I'm having the SSL warning messages all over my website after switching to SSL for several assets: Mixed Content: The page at 'https://example.com' was loaded over HTTPS, but requested an insecure script 'http://example.com/script.js'. This request has been blocked; the content must be served over HTTPS. I checked the page source, every single script/css is requested over https. I even checked the dynamically created html by using the code inspector. I disabled Javascript in case a script was

来源： https://stackoverflow.com/questions/52130918/web-api-error-this-request-has-been-blocked-the-content-must-be-served-over-h

问题 Suppose the page below is loaded from https://127.0.100.1 . The page makes an XMLHttpRequest to http://127.0.100.2 . This seems like mixed content : The page is loaded over a secure connection and a resource is loaded over an insecure connection. Mixed content should be blocked by the browser. Yet, the page below works just fine.* Why does it work: Why isn't the request blocked? Update: Going beyond the accepted answer, browsers can be configured to block mixed content for such addresses. *

问题 Suppose the page below is loaded from https://127.0.100.1 . The page makes an XMLHttpRequest to http://127.0.100.2 . This seems like mixed content : The page is loaded over a secure connection and a resource is loaded over an insecure connection. Mixed content should be blocked by the browser. Yet, the page below works just fine.* Why does it work: Why isn't the request blocked? Update: Going beyond the accepted answer, browsers can be configured to block mixed content for such addresses. *