Nginx
1 前言
一个问题,一篇文章,一出故事。
笔者代理生产环境的一台服务器发现报如下错误,
Mixed Content: The page at 'URL' was loaded over HTTPS, but requested an insecure stylesheet 'URL'. This request has been blocked; the content must be served over HTTPS.
可能是由如下原因引起,
– HTTPS页面动态引入HTTP资源,比如引入一个js文件,会被直接block掉的。
– HTTPS页面通过AJAX方式请求HTTP资源,同样也会被直接block掉。
2 最佳实践
2.1 加入替换代码
vim /etc/nginx/conf.d/www.cmdschool.org.conf
加入如下标识头,
location / { # proxy_pass http://xxxx/; add_header Content-Security-Policy "upgrade-insecure-requests" always; # }
2.2 重载服务使配置生效
systemctl reload nginx
参阅文档
=================
错误的解决方法
—————
https://blog.csdn.net/cczzyc1/article/details/97135143
Nginx添加头的方法
—————
https://content-security-policy.com/examples/nginx/
没有评论