Mixed content / insecure content SSL

The*_*Rat 2 apache wordpress .htaccess ssl mixed-content

I currently have the following problem:

Mixed Content: The page at 'https://www.example.com/' was loaded over HTTPS, but requested an insecure stylesheet

This is a WordPress site on a CentOS server with httpd installed.

I have the following virtual host setup in `http.conf`:

NameVirtualHost *:80
NameVirtualHost *:443


<VirtualHost *:443>
    DocumentRoot /var/www/html/example
    ServerName www.example.com
    ServerAlias example.com
    SSLEngine on
    SSLCACertificateFile /etc/httpd/conf/ssl.crt/intermediate.crt
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
</VirtualHost>

<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com
    Redirect / https://www.example.com/
</VirtualHost>

In my httpd.conf I changed AllowOverride to All, so it looks like this:

<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>

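I can confirm that htaccess is being used: the iTheme security plugin is using it and works correctly, and if I put some garbage into the htaccess I get a server configuration error.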

I have changed both WordPress URLs in the dashboard to https instead of http.

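After doing all of this, I can access the site over HTTP, get redirected to the HTTPS version of the site, and view the site. However, in the console I get errors about mixed content, and the padlock shield is shown as yellow or with a red cross instead of the desired green.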

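There are a handful of files with problems, and for the examples I know of I can manually change the URL to use https instead of http. As I understand it, I can change the URL to the following, which will just adjust the link to the protocol currently in use: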

<img src="//www.example.com/image.jpg" />

I have also seen that if a resource is not available over https, I can simply do the following:

https://example.com/imageserver?url=http://otherdomain.com/someimage.jpg&hash=abcdeafad

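However, I am trying to find a way to fix all of these in one go using htaccess (something I am sure has been done before, but the snippets I found are not working for me).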

There are two main snippets I have used to try to force everything over https. The first is:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On

#These Lines to force HTTPS
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L]

RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

The second is from Dave Walsh:

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R,L]

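However, neither seems to fix my problem. As a precaution I restarted the httpd service after each change, even though htaccess changes should not need a restart, but the situation is still the same. Can anyone point me in the right direction?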

Aka*_*kam 5

The simplest solution is to replace all links manually; using the solution below will save you time and it's very straightforward.

The idea is to remove all protocols (HTTP and HTTPS) and leave the links to use protocol-relative URLs: /sf/answers/1060225141/

We can do this using the following code for index.php:

<?php
// this line was added here: buffer all output so it can be rewritten below
ob_start();
/**
 * Front to the WordPress application. This file doesn't do anything, but loads
 * wp-blog-header.php which does and tells WordPress to load the theme.
 *
 * @package WordPress
 */

/**
 * Tells WordPress to load the WordPress theme and output it.
 *
 * @var bool
 */
define('WP_USE_THEMES', true);

/** Loads the WordPress Environment and Template */
require( dirname( __FILE__ ) . '/wp-blog-header.php' );

// and these lines as well: make every absolute URL in the buffered page protocol-relative
$output = ob_get_contents();
ob_end_clean();

$output = str_replace(array("https://", "http://"), "//", $output);
echo str_replace('http:\/\/', "\/\/", $output);

Update: You can simply use Content Security Policy

The HTTP Content-Security-Policy (CSP) upgrade-insecure-requests directive instructs user agents to treat all of a site's insecure URLs (those served over HTTP) as though they have been replaced with secure URLs (those served over HTTPS). This directive is intended for web sites with large numbers of insecure legacy URLs that need to be rewritten.

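The upgrade-insecure-requests directive is evaluated before block-all-mixed-content and if it is set, the latter is effectively a no-op. It is recommended to set either directive, but not both, unless you want to force HTTPS on older browsers that do not force it after a redirect to HTTP.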

Put the line below into the head section (header.php file).

<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">

For more information, read: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests

  • Using `//` instead of the protocol is definitely the way to go. But I haven't seen a solution like this before, very interesting. (2 upvotes)