问题
I'm having the SSL warning messages all over my website after switching to SSL for several assets:
Mixed Content: The page at 'https://example.com' was loaded over HTTPS, but requested an insecure script 'http://example.com/script.js'. This request has been blocked; the content must be served over HTTPS.
- I checked the page source, every single script/css is requested over https.
- I even checked the dynamically created html by using the code inspector.
- I disabled Javascript in case a script was loading these assets dynamically.
None of these things showed a single http:// request. I'm out of ideas to try and find what is causing this. Any ideas or suggestions?
回答1:
When seeing a mixed-content message about a http://example.com/script.js (non-https) URL that doesn’t actually appear anywhere in your sources, the basic strategy to follow is:
- Replace the
httpin the URL withhttpsand put that into the address bar in your browser:https://example.com/script.js - If your browser redirects from that
https://example.com/script.jsURL back to (non-https)http://example.com/script.js, then you’ve found the cause:example.com/script.jsisn’t actually available from anhttpsURL, and ends up getting served from ahttpURL even though your source is requesting thehttpsURL.
来源:https://stackoverflow.com/questions/42638605/getting-mixed-content-errors-even-though-i-m-only-using-https-urls