Mixed Content: The page at 'https://mydomain.com' was loaded over HTTPS
date
Sep 4, 2023
slug
mixed-content-error
status
Published
tags
HTTP
summary
This request has been blocked. the content must be served over HTTPS.
type
Post
报错信息
浏览器在访问页面时出现如下错误:
Mixed Content: The page at 'https://mydomain.com' was loaded over HTTPS, but requested an insecure stylesheet 'http://mydomain.com'. This request has been blocked. the content must be served over HTTPS.
这主要是因为浏览器的安全机制,阻止在
HTTPS 的站点中加载 HTTP 协议的资源。解决方案 1
在 HTML 内容中加上下面这段
meta 标签,自动将 HTTP 请求升级为 HTTPS:解决方案 2
在服务器的响应头中加上:
"Content-Security-Policy: upgrade-insecure-requests" 。以 Nginx 为例: