<tfoot id='KL6HW'></tfoot>

        <small id='KL6HW'></small><noframes id='KL6HW'>

        <i id='KL6HW'><tr id='KL6HW'><dt id='KL6HW'><q id='KL6HW'><span id='KL6HW'><b id='KL6HW'><form id='KL6HW'><ins id='KL6HW'></ins><ul id='KL6HW'></ul><sub id='KL6HW'></sub></form><legend id='KL6HW'></legend><bdo id='KL6HW'><pre id='KL6HW'><center id='KL6HW'></center></pre></bdo></b><th id='KL6HW'></th></span></q></dt></tr></i><div id='KL6HW'><tfoot id='KL6HW'></tfoot><dl id='KL6HW'><fieldset id='KL6HW'></fieldset></dl></div>

          <bdo id='KL6HW'></bdo><ul id='KL6HW'></ul>
      1. <legend id='KL6HW'><style id='KL6HW'><dir id='KL6HW'><q id='KL6HW'></q></dir></style></legend>

        从 HTTPS 页面到 HTTP(非 HTTPS)本地主机地址的混合内容请求未被阻止

        时间:2023-05-16

        <small id='qK6RT'></small><noframes id='qK6RT'>

      2. <i id='qK6RT'><tr id='qK6RT'><dt id='qK6RT'><q id='qK6RT'><span id='qK6RT'><b id='qK6RT'><form id='qK6RT'><ins id='qK6RT'></ins><ul id='qK6RT'></ul><sub id='qK6RT'></sub></form><legend id='qK6RT'></legend><bdo id='qK6RT'><pre id='qK6RT'><center id='qK6RT'></center></pre></bdo></b><th id='qK6RT'></th></span></q></dt></tr></i><div id='qK6RT'><tfoot id='qK6RT'></tfoot><dl id='qK6RT'><fieldset id='qK6RT'></fieldset></dl></div>

            • <bdo id='qK6RT'></bdo><ul id='qK6RT'></ul>
            • <legend id='qK6RT'><style id='qK6RT'><dir id='qK6RT'><q id='qK6RT'></q></dir></style></legend>
                <tfoot id='qK6RT'></tfoot>
                  <tbody id='qK6RT'></tbody>
                  本文介绍了从 HTTPS 页面到 HTTP(非 HTTPS)本地主机地址的混合内容请求未被阻止的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

                  问题描述

                  限时送ChatGPT账号..

                  假设下面的页面是从 https://127.0.100.1 加载的.该页面向 http://127.0.100.2 发出 XMLHttpRequest.这似乎是混合内容:页面通过安全连接加载,资源通过不安全连接加载.混合内容应被浏览器阻止.然而,下面的页面运行良好.* 为什么会运行:为什么请求没有被阻止?

                  Suppose the page below is loaded from https://127.0.100.1. The page makes an XMLHttpRequest to http://127.0.100.2. This seems like mixed content: The page is loaded over a secure connection and a resource is loaded over an insecure connection. Mixed content should be blocked by the browser. Yet, the page below works just fine.* Why does it work: Why isn't the request blocked?

                  更新:超越接受的答案,浏览器可以配置来阻止此类地址的混合内容.

                  Update: Going beyond the accepted answer, browsers can be configured to block mixed content for such addresses.

                  * Wireshark 确认浏览器没有通过安全连接加载资源.

                  <html>
                  <body>
                  <img id="dst"/>
                  <script>
                    let xhr = new XMLHttpRequest();
                    xhr.open('get', 'http://127.0.100.2/img.jpg');
                    xhr.responseType = 'blob';
                    xhr.onload = function(){
                      document.getElementById('dst').src = URL.createObjectURL(xhr.response);    
                    }
                    xhr.send();
                  </script>
                  </body>
                  </html>
                  

                  推荐答案

                  http://127.0.100.2/img.jpg 不被视为混合内容,因为混合内容规范将其定义为先验认证 URL,因为它在 127.0.0.0 - 127.255.255.255 范围内(即具有 CIDR 表示法 127.0.0.0/8 的主机),根据安全上下文规范被定义为安全上下文——即使协议不是 https.

                  http://127.0.100.2/img.jpg isn’t considered mixed content because the Mixed Content spec defines it as a special case of an a priori authenticated URL, due to it being in the range 127.0.0.0 - 127.255.255.255 (that is, a host with the CIDR notation 127.0.0.0/8), which per the Secure Contexts spec is defined as a secure context — even if the protocol isn’t https.

                  http://localhost/img.jpghttp://foo.localhost/img.jpg

                  这篇关于从 HTTPS 页面到 HTTP(非 HTTPS)本地主机地址的混合内容请求未被阻止的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

                  上一篇:XMLHttpRequest multipart/form-data:多部分中的边界无效 下一篇:为什么禁止没有凭据的 CORS?

                  相关文章

                  1. <small id='GpedE'></small><noframes id='GpedE'>

                      <bdo id='GpedE'></bdo><ul id='GpedE'></ul>

                    <i id='GpedE'><tr id='GpedE'><dt id='GpedE'><q id='GpedE'><span id='GpedE'><b id='GpedE'><form id='GpedE'><ins id='GpedE'></ins><ul id='GpedE'></ul><sub id='GpedE'></sub></form><legend id='GpedE'></legend><bdo id='GpedE'><pre id='GpedE'><center id='GpedE'></center></pre></bdo></b><th id='GpedE'></th></span></q></dt></tr></i><div id='GpedE'><tfoot id='GpedE'></tfoot><dl id='GpedE'><fieldset id='GpedE'></fieldset></dl></div>

                  2. <tfoot id='GpedE'></tfoot>
                  3. <legend id='GpedE'><style id='GpedE'><dir id='GpedE'><q id='GpedE'></q></dir></style></legend>