Mixed Content (laravel)

半城伤御伤魂 提交于 2021-02-18 10:48:27

问题


I get the following error (on every page)

app.js:703 Mixed Content: The page at 'https://sitename.com/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://sitename.com/index.php/getMessages'. This content should also be served over HTTPS.

The site is build with Laravel. Is there anybody who knows how to fix this error?


回答1:


In my case it's because I wasn't aware that the asset() function didn't handle https automatically (as pointed out by frankfurt-laravel's answer).

To get around this, since I don't use SSL in dev, I set ASSET_URL in the .env to the https url:

APP_URL=https://example.com
ASSET_URL="${APP_URL}"

This overrides the asset() function to use the https url, without having to modify the function at all. See the docs for more context.




回答2:


I had same problem few days ago. Do you use Cloudflare? Change flexible SSL to Full.




回答3:


I suggest to use the method argument $secure Laravel (5.6 has it definitely) provides:

When you use asset loading, e.g.

 <!-- Scripts -->
<script src="{{ asset('js/app.js') }}" defer></script>
<!-- Styles -->
<link href="{{ asset('css/app.css') }}" rel="stylesheet">

You can lookup the definition for asset(), if you have some kind of advanced IDE. If not, please check this file helpers.php.

However, the documentation says

/**
 * Generate an asset path for the application.
 *
 * @param  string  $path
 * @param  bool    $secure
 * @return string
 */

So you just need to pass true as the second argument, and then the resource is loaded in a secure way. For above examples it would be

<!-- Scripts -->
<script src="{{ asset('js/app.js',true) }}" defer></script>
<!-- Styles -->
<link href="{{ asset('css/app.css', true) }}" rel="stylesheet">

Please note, this will cause conflict if you use php artisan serve, as artisan is not capable to serve via HTTPS protocol. Thus you need HTTPS setup e.g. with Valet on MacOS or Homestead on Windows. Follow the links for setup details.

Hope this helps, please let me know if it worked.




回答4:


Make sure to remove trailing slashes from XMLHttpRequest endpoint URL.




回答5:


In your .env file set your url to https APP_URL=https://sitename.com and in your config/app.php set url to 'url' => env('APP_URL', 'APP_URL=https://sitename.com'), that should solve your problem




回答6:


You opened the page 'https://sitename.com/' . But the javascript of this page sent an http request, not https.

You should change your javascript code to send https request.

There are two ways to send https request:

  1. Put the protocol together with path.

    $.get('http://sitename.com/index.php/getMessages')

  2. Ignore the protocol, but put '//' before the path

    $.get('//sitename.com/index.php/getMessages')



来源:https://stackoverflow.com/questions/47018712/mixed-content-laravel

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!