Problem description
I'm in the process of developing an application for a client, which will have an SSL certificate and be served under https. However, to integrate with their existing site they want to provide their navigation inside an iframe.
I can see this causing trouble, as I'd expect the browser to complain about the mix of secure and insecure content on the page. I've had a look at similar questions on here and they all seem to refer to this the other way round (secure content in the iframe).
What I'd like to know, then, is: will it cause issues to have insecure content included inside an iframe, placed on a secure page, and if so what sort of problems would they be?
Ideally if it's not a good idea (and I have a strong feeling that it isn't) I need to be able to explain this to the client.
Recommended answer
If your page is being accessed using https://www.example.com/main/index.jsp (SSL) then your browser will complain with "This page contains both secure and insecure items" if there are any resources in the HTML code that are referenced with http:// (non-SSL). This includes iframes.
If your navigation page is hosted on the same server then you can prevent the "insecure content" message by using a relative URL like this...
<iframe src="/app/navigation.jsp" />
From your question it sounds like your navigation page is being served from a separate host and you're being forced to use something like this
<iframe src="http://otherserver.example.com/app/navigation.jsp" />
which will of course cause the "insecure content" message in your browser.
Your only solutions are to either
implement SSL on the server holding your navigation page so you can use https:// for your iframe reference, or
move the navigation application to the same server so you can use a relative URL.
Personally I can't see why your navigation would be on a different host because then you're going to get JavaScript cross-domain scripting issues (unless some funky JSONP is involved).
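An added example (not part of the original answer): a small JavaScript check that lists the subresource references in a page's HTML that resolve to http:// when the page itself is served over https://, showing why the relative URL is fine and the absolute http:// iframe is not. The function name, the regex-based tag scan, the element list and the sample markup are assumptions constructed for illustration.

```javascript
// Added example: list subresources an HTTPS page would load over plain HTTP.
// Element/attribute pairs checked (an assumed, non-exhaustive subset).
const SUBRESOURCE_ATTRS = new Map([
  ["iframe", "src"], ["frame", "src"], ["script", "src"], ["img", "src"],
  ["embed", "src"], ["audio", "src"], ["video", "src"], ["object", "data"],
]);

function findInsecureReferences(pageUrl, html) {
  const page = new URL(pageUrl);
  if (page.protocol !== "https:") return []; // only a secure page can be "mixed"
  const findings = [];
  const tagRe = /<([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const attr = SUBRESOURCE_ATTRS.get(tag);
    if (!attr) continue; // e.g. <a href> is navigation, not a subresource
    const attrRe = new RegExp(
      "(?:^|\\s)" + attr + "\\s*=\\s*(?:\"([^\"]*)\"|'([^']*)'|([^\\s\"'>]+))", "i");
    const am = attrRe.exec(m[2]);
    if (!am) continue;
    const raw = (am[1] ?? am[2] ?? am[3]).trim();
    let resolved;
    try {
      resolved = new URL(raw, page); // relative and //host URLs inherit https:
    } catch {
      continue; // unparsable reference
    }
    if (resolved.protocol === "http:") {
      findings.push({ tag, raw, resolved: resolved.href });
    }
  }
  return findings;
}

// Constructed sample markup using the URLs from the answer above.
const PAGE_URL = "https://www.example.com/main/index.jsp";
const SAMPLE_HTML = `
<iframe src="/app/navigation.jsp" />
<iframe src="http://otherserver.example.com/app/navigation.jsp" />
<iframe src="https://otherserver.example.com/app/navigation.jsp"></iframe>
<script src="//otherserver.example.com/nav.js"></script>
<a href="http://otherserver.example.com/">plain link</a>
`;

console.log(findInsecureReferences(PAGE_URL, SAMPLE_HTML));
```

Only the absolute http:// iframe is reported; the relative and protocol-relative references inherit the page's https scheme.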