您好我有一个php应用程序我希望account.php页面是安全的,但是在将其添加到页面后
$use_sts = true;
// iis sets HTTPS to 'off' for non-SSL requests
if ($use_sts && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
header('Strict-Transport-Security: max-age=31536000');
} elseif ($use_sts) {
header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], true, 301);
// we are in cleartext at the moment, prevent further execution and output
die();
}
然而,当我浏览页面时,它被设置为HTTPS,但是当我查看它使用http显示文件请求的源时,内容就到处都是:
<script type="text/javascript" src="http://****/assets/jquery.js"></script>
<script type="text/javascript" src="http://****/assets/jquery-ui.js"></script>
<script type="text/javascript" src="http://****/assets/tables.js"></script>
<script type="text/javascript" src="http://****/assets/global.js"></script>
<script type="text/javascript" src="http://****/assets/cycle.js"></script>
有没有办法设置特定页面使用SSL
我也尝试过.htaccess,但结果相同
# force https for
RewriteCond %{HTTPS} =off
RewriteRule ^(index|login)\.php$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
感谢
中号
答案 0 :(得分:1)
您需要从绝对网址中删除http:。这将使浏览器使用页面的当前协议。
<script type="text/javascript" src="//cdn.domain.tld/assets/jquery.js"></script>
如果域名等于页面的域名,您也可以使用没有域名的绝对路径:
<script type="text/javascript" src="/assets/jquery.js"></script>