In IE7 my web site always causes the browser to prompt a "Security Information" dialogue box:
在IE7中,我的网站总是使浏览器提示“安全信息”对话框:
This page contains both secure and non-secure items.
此页面包含安全和非安全项目。
Do you want to display the non-secure items?
要显示非安全项吗?
How can I avoid getting this message when traveling between non-secure and secure pages (HTTP to HTTPS)?
在非安全页面(HTTP到HTTPS)之间旅行时,如何避免收到此消息?
6 个解决方案
#1
You need to make sure all your images, script files, CSS files and so on have HTTPS urls if you're on a secure page.
如果您在安全页面上,则需要确保所有图像,脚本文件,CSS文件等都具有HTTPS URL。
If you view-source and search for "http:" this will soon tell which one (or more) is wrong.
如果你查看源代码并搜索“http:”,这将很快告诉哪一个(或更多)是错误的。
Example:
<script src="script.js" type="text/javascript"></script> - Correct
<script src="https://ssl.google.com/ga.js" type="text/javascript"></script> - Correct
<script src="http://www.google.com/ga.js" type="text/javascript"></script> - Wrong
#2
RoBorg has it dead on. However, it can be tricky sometimes to track down the specific page or item causing the problem. Often it is a broken link that redirects to the "404-page not found" page.
RoBorg已经死了。但是,有时要跟踪导致问题的特定页面或项目可能会很棘手。通常,它是一个断开的链接,重定向到“404-page not found”页面。
A trick I like to use is to hit the page and answer in the affirmative on the prompt then look at the IIS log entries generated for any rows with an 80 in the port column instead of 443.
我喜欢使用的一个技巧是点击页面并在提示上回答肯定,然后查看为端口列中的80而不是443的任何行生成的IIS日志条目。
#3
You should make sure that you haven't included http://
explicitly anywhere in your code. If you did then that message will be displayed.
您应确保未在代码中的任何位置明确包含http://。如果您这样做,那么将显示该消息。
#4
There is also an option in IE to toggle this message when moving from HTTP to HTTPS pages. In IE7, it's on the advanced tab, second checkbox from the bottom.
在从HTTP移动到HTTPS页面时,IE中还有一个选项可以切换此消息。在IE7中,它位于高级选项卡上,底部是第二个复选框。
There is also a 'Display mixed content' option in IE7, security tab, custom level.
Set it to Enabled for the site level you're accessing the site as.
IE7中还有一个“显示混合内容”选项,安全选项卡,自定义级别。对于您访问该网站的网站级别,将其设置为“已启用”。
#5
For anyone still trying to solve odd IE7 security warnings:
对于仍在尝试解决奇怪的IE7安全警告的人:
I found a case where IE7 incorrectly gives the warning. It happens if using jQuery.get() to add HTML content that has an inline style with a relative url. See test case.
我发现IE7错误地发出警告的情况。如果使用jQuery.get()添加具有内联样式和相对URL的HTML内容,则会发生这种情况。见测试用例。
Possible fixes include:
可能的修复包括:
- using an absolute url
- moving the styles to a CSS files (might need to be loaded on page load)
- using jQuery.load() or some other technique might also help
使用绝对网址
将样式移动到CSS文件(可能需要在页面加载时加载)
使用jQuery.load()或其他一些技术也可能有所帮助
#6
We use this trick in the HTML5 Boilerplate for a clever request of jQuery off the Google CDN:
我们在HTML5 Boilerplate中使用这个技巧,以便从Google CDN中获得jQuery的聪明请求:
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.js"></script>
<script>window.jQuery || document.write('<script src="js/vendor/jquery-1.9.0.min.js"><\/script>')</script>
instead of adding any http: or https: in the src. which will work fine in every case
而不是在src中添加任何http:或https:在每种情况下都可以正常工作
#1
You need to make sure all your images, script files, CSS files and so on have HTTPS urls if you're on a secure page.
如果您在安全页面上,则需要确保所有图像,脚本文件,CSS文件等都具有HTTPS URL。
If you view-source and search for "http:" this will soon tell which one (or more) is wrong.
如果你查看源代码并搜索“http:”,这将很快告诉哪一个(或更多)是错误的。
Example:
<script src="script.js" type="text/javascript"></script> - Correct
<script src="https://ssl.google.com/ga.js" type="text/javascript"></script> - Correct
<script src="http://www.google.com/ga.js" type="text/javascript"></script> - Wrong
#2
RoBorg has it dead on. However, it can be tricky sometimes to track down the specific page or item causing the problem. Often it is a broken link that redirects to the "404-page not found" page.
RoBorg已经死了。但是,有时要跟踪导致问题的特定页面或项目可能会很棘手。通常,它是一个断开的链接,重定向到“404-page not found”页面。
A trick I like to use is to hit the page and answer in the affirmative on the prompt then look at the IIS log entries generated for any rows with an 80 in the port column instead of 443.
我喜欢使用的一个技巧是点击页面并在提示上回答肯定,然后查看为端口列中的80而不是443的任何行生成的IIS日志条目。
#3
You should make sure that you haven't included http://
explicitly anywhere in your code. If you did then that message will be displayed.
您应确保未在代码中的任何位置明确包含http://。如果您这样做,那么将显示该消息。
#4
There is also an option in IE to toggle this message when moving from HTTP to HTTPS pages. In IE7, it's on the advanced tab, second checkbox from the bottom.
在从HTTP移动到HTTPS页面时,IE中还有一个选项可以切换此消息。在IE7中,它位于高级选项卡上,底部是第二个复选框。
There is also a 'Display mixed content' option in IE7, security tab, custom level.
Set it to Enabled for the site level you're accessing the site as.
IE7中还有一个“显示混合内容”选项,安全选项卡,自定义级别。对于您访问该网站的网站级别,将其设置为“已启用”。
#5
For anyone still trying to solve odd IE7 security warnings:
对于仍在尝试解决奇怪的IE7安全警告的人:
I found a case where IE7 incorrectly gives the warning. It happens if using jQuery.get() to add HTML content that has an inline style with a relative url. See test case.
我发现IE7错误地发出警告的情况。如果使用jQuery.get()添加具有内联样式和相对URL的HTML内容,则会发生这种情况。见测试用例。
Possible fixes include:
可能的修复包括:
- using an absolute url
- moving the styles to a CSS files (might need to be loaded on page load)
- using jQuery.load() or some other technique might also help
使用绝对网址
将样式移动到CSS文件(可能需要在页面加载时加载)
使用jQuery.load()或其他一些技术也可能有所帮助
#6
We use this trick in the HTML5 Boilerplate for a clever request of jQuery off the Google CDN:
我们在HTML5 Boilerplate中使用这个技巧,以便从Google CDN中获得jQuery的聪明请求:
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.js"></script>
<script>window.jQuery || document.write('<script src="js/vendor/jquery-1.9.0.min.js"><\/script>')</script>
instead of adding any http: or https: in the src. which will work fine in every case
而不是在src中添加任何http:或https:在每种情况下都可以正常工作