如何基于nginx设置upgrade-insecure-requests

Question

我已经将我的站点更改为https，但我在代码中使用了静态文件的cdn。它无法工作，并且 chrome 控制台显示如下错误：

Mixed Content: The page at 'https://a.example.com/static/' was loaded over HTTPS, but requested an insecure stylesheet 'http://cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap.min.css'. This request has been blocked; the content must be served over HTTPS.

我已经在 nginx 配置文件中添加了add_header Content-Security-Policy upgrade-insecure-requests;如下内容：

server {
    listen 80;
    listen 443;
    server_name a.example.com;
    add_header Content-Security-Policy upgrade-insecure-requests;

    if ($scheme != "https") {
       return 301 https://$server_name$request_uri;
       #rewrite ^ https://$server_name$request_uri? permanent;
    }


    ssl on;
    ssl_certificate /etc/nginx/ssl/example.crt;
    ssl_certificate_key /etc/nginx/ssl/example.key;

    ssl_session_timeout 5m;

    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
    ssl_prefer_server_ciphers on;

    gzip on;
    gzip_proxied any;
    gzip_types text/plain application/xml application/json;
    client_max_body_size 8M;
    access_log /var/log/nginx/example.log;
    location / {
            proxy_pass http://10.10.10.110:5000;
            proxy_set_header  X-Real-IP  $remote_addr;
            proxy_set_header Host $host;
    }
    location ^~ /static/ {

            proxy_pass http://10.10.10.110:8888;
            proxy_set_header  X-Real-IP  $remote_addr;
            proxy_set_header Host $host;
           #proxy_set_header Content-Security-Policy upgrade-insecure-requests;
    }

}

但还不行！有人可以告诉我如何解决这个问题吗？谢谢 ：）

Answer 1

请注意，upgrade-insecure-requests并非所有浏览器都支持该功能，例如 Safari 和 IE。

我建议您只替换代码中的 HTTP 请求。您可以使用 //相对于调用它的协议来加载它，如下所示：

//cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap.min.css

这意味着，如果您从 HTTPS 上下文打开 Web 应用程序，它将使用 HTTPS 协议加载它，否则它将使用 HTTP。