在我在apache上设置从http到https的自动重定向后,我在wordpress网站上出现了混合内容错误。
Mixed Content: The page at 'https://example.example.com/' was loaded over HTTPS, but requested an insecure stylesheet http://example.example.com/wp-content/uploads/elementor/css/post-2612.css?ver=1481615259'. This request has been blocked; the content must be served over HTTPS
我想知道我的htaccess / virtualhost是否有问题,或者可能是代码,css等问题。
我的htaccess代码如下所示:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
我的VirtualHost看起来像这样:
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L]
ServerName example.example.com
ServerAdmin hostmaster@example.com
DocumentRoot /mnt/data/html1
ErrorLog /mnt/data/html1/example.example.com_error.log
CustomLog /mnt/data/html1/example.example.com_access_log combined env=!dontlog
</VirtualHost>
<VirtualHost _default_:443>
SSLEngine on
RewriteEngine On
RewriteCond %{HTTPS} on
SSLCertificateFile /etc/httpd/sites-available/crt.crt
SSLCertificateKeyFile /etc/httpd/sites-available/pem.pem
ServerName example.example.com
DocumentRoot /mnt/data/html1
ErrorLog /mnt/data/html1/example.example.com_error.log
CustomLog /mnt/data/html1/example.example.com_access_log combined env=!dontlog
</VirtualHost>
<Directory "/mnt/data/html1">
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /mnt/data/html1/.htpasswd
Require valid-user
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
答案 0 :(得分:1)
追踪和解决所有混合内容问题可能很烦人。这是谷歌有条不紊地通过它的优秀指南。 https://developers.google.com/web/fundamentals/security/prevent-mixed-content/fixing-mixed-content
我个人一直在DNS级别使用cloudflare的自动重写系统,这完全是交钥匙工程,对于懒惰人来说是一个很好的技巧。
虽然chrome应该识别通过第三方加载的内容之间的区别(让我们说你有JS供应商lib从某个地方吸引资产,我知道这有时会导致警告,在浏览器中查看你的网络标签将确定哪些出站链接正在触发问题。