问题描述

我有一个包含输入表单的网页。通过Apache重定向为与该页匹配的所有请求启用HTTPS。不幸的是，因为CSS使用'background-image：url（/ images / ...）'拉入外部图像，浏览器将生成一个警告消息，页面包含混合内容。

I have a web page containing am entry form. HTTPS is enabled via an Apache redirect for all requests matching that page. Unfortunately, because the CSS pulls in external images using 'background-image: url(/images/...)', the browser will generate a warning message that the page contains mixed content.

解决此问题的最佳方法是什么？

What's the best way to resolve this issue?

推荐答案

现在SSL是和，此技术现在是反模式。如果您需要的资产在SSL上可用，请始终使用 https：// 资产。

Now that SSL is encouraged for everyone and doesn’t have performance concerns, this technique is now an anti-pattern. If the asset you > need is available on SSL, then always use the https:// asset.

通过HTTP请求的代码段打开了攻击的门口
像。即使您的网站使用HTTP，始终对
也是安全的，但是反向
。

Allowing the snippet to request over HTTP opens the door for attacks like the recent Github Man-on-the-side attack. It’s always safe to request HTTPS assets even if your site is on HTTP, however the reverse is not true.

更多指南和详情，请参阅。

More guidance and details in Eric Mills’ guide to CDNs & HTTPS.

资料来源：

是一个非常受欢迎的解决方案：

Here is a very popular solution:

有一个小技巧，你可以逃避，这将节省你一些头痛：

There's this little trick you can get away with that'll save you some headaches:

<img src="//domain.com/img/logo.png">

在CSS

In CSS

div{background: url(//path/to/image.png);}

这篇关于由于CSS背景图片，SSL和混合内容的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！