问题描述

我有兴趣将整个网站从http转换为https。

I am interested in switching my entire site from http over to https.

我担心的是我有一些使用绝对http网址的内容。

My concern is that I have some content that uses absolute http URLs.

我需要编辑每个页面才能将这些URL更改为相对，但这可能需要一段时间才能完成。

I will need to edit each page in order to change those URLs to relative but that might take me a while to accomplish.

我想知道的是，是否有办法通过Google跟踪代码管理器使用Javascript，以便将本地绝对网址重写为HTTPS而不是HTTP？

What I would like to know is if there is a way to use Javascript via the Google Tag Manager in order to re-write local absolute URLs to be HTTPS and not HTTP?

如果可能的话，它是否可以用作永久性解决方案？

If this is possible, could it be used as a permanent solution?

推荐答案

需要考虑的一个解决方案是。

One solution to consider is the Content Security Policy upgrade-insecure-requests directive.

它是相当于配置您的Web服务器，以便您的网站上的所有页面都使用此标头提供：

It’d amount to configuring your Web server so all pages on your site get served with this header:

Content-Security-Policy: upgrade-insecure-requests

因此，添加该标题的效果将是：对于您网站上的任何网页，一个 https URL，只要浏览器在其中一个页面中看到嵌入式（子）资源的 http URL - 无论是样式表，脚本，图像，视频等的URL，浏览器都会自动（透明地）尝试从相应的 https URL中获取资源。

So the effect of adding that header would be: for any page at your site served with an https URL, any time a browser sees in one of those pages an http URL for an embedded (sub)resource —whether it be a URL for a stylesheet, script, image, video, or whatever—the browser will automatically (transparently) try to fetch the resource from the corresponding https URL instead.

有关详细信息，请参阅规范。

For more details, you can see the Upgrade Insecure Requests spec.

• has an open Safari/WebKit implementation-tracking/feature bug
• is under consideration by Microsoft for implementation in Edge

PS，我在W3C工作，我们 - 并且由于W3C拥有数十万（可能是数百万）页面 http 嵌入式子资源的URL，我们能够实现它的方式部分是通过提供 Content-Security-Policy：upgrade-insecure-requests 整个网站的标题。

P.S., I work at the W3C, where we recently (finally) enabled TLS/https access to all W3C site resources—and since the W3C has hundreds of thousands (maybe millions) of pages with http URLs for embedded subresources, the way we were able to make it happen was in part by serving the Content-Security-Policy: upgrade-insecure-requests header across the entire site.

文章提供了有关部署详细信息的更多信息。

The article Supporting HTTPS and HSTS on w3.org gives more info about the deployment details.

这篇关于http到https - 使浏览器请求http URL的相应​​https URL，而无需编辑所有页面并手动将所有URL更改为https？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！