Updated: 2022-01-01 22:02:41
If your web app is being hosted over HTTPS as you've indicated, then all external resources it is consuming (CDN, scripts, CSS files, API calls) should also use SSL and be secured through HTTPS. Think about it. It would defeat the purpose of your app being secure if your app was in turn making insecure requests to an API.
Therefore, you can:
Add the following meta tag to your <head> element in your HTML:
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
More information about this can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests.
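An added example (not part of the original answer), written for Node.js: it lists the http:// subresources in a page and the URL each one is rewritten to under upgrade-insecure-requests. Every host it reports has to serve HTTPS, because an upgraded request that fails does not fall back to HTTP. The sample HTML, the hostnames and the function names are assumptions made for illustration.

```javascript
// Constructed sample page; hostnames are placeholders.
const SAMPLE_HTML = `
<head>
  <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
  <link rel="stylesheet" href="http://cdn.example.com/site.css">
  <script src="http://cdn.example.com:8080/app.js"></script>
  <script src="https://cdn.example.com/vendor.js"></script>
</head>
<body>
  <img src="http://img.example.net:80/logo.png">
  <a href="http://other.example.org/">external link</a>
</body>`;

// Tags that fetch a subresource, and the attribute holding its URL.
// Simplification: every <link href> is treated as a fetch (stylesheet, icon).
// <a href> is a navigation, not a subresource, so it is not listed here.
const SUBRESOURCE_ATTR = new Map([
  ['script', 'src'], ['link', 'href'], ['img', 'src'], ['iframe', 'src'],
  ['audio', 'src'], ['video', 'src'], ['source', 'src'],
]);

// Rewrite the URL the way the directive does: scheme http -> https.
// The URL parser drops the default port, so :80 becomes the https default
// (443), while an explicit non-default port such as :8080 is kept.
function upgradeUrl(raw) {
  const url = new URL(raw);
  if (url.protocol === 'http:') url.protocol = 'https:';
  return url.href;
}

// Return every subresource reference that still uses http://, in page order.
function findInsecureSubresources(html) {
  const findings = [];
  for (const [, tagName, attrs] of html.matchAll(/<([a-z]+)\b([^>]*)>/gi)) {
    const tag = tagName.toLowerCase();
    const attr = SUBRESOURCE_ATTR.get(tag);
    if (!attr) continue;
    const m = new RegExp(`\\b${attr}\\s*=\\s*["']?(http://[^"'\\s>]+)`, 'i').exec(attrs);
    if (m) findings.push({ tag, url: m[1], upgraded: upgradeUrl(m[1]) });
  }
  return findings;
}

for (const f of findInsecureSubresources(SAMPLE_HTML)) {
  console.log(`<${f.tag}> ${f.url} -> ${f.upgraded}`);
}
```

Fixing the listed references at the source, or confirming that each upgraded URL responds over HTTPS, keeps the page working once the policy is in place.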