开发者

Warning : The page index.html ran insecure content

I deployed my application on google appe engine. My web site use Dojo w开发者_StackOverflow中文版ith the template claro. When I run "google chrome inspection", I see a lot of warning when I navigate throught my site. Here is the type of warnings :

The page index.html ran insecure content from http://ajax.googleapis.com/ajax/libs/dojo/1.5/dijit/themes/claro/claro.css.
The page index.html ran insecure content from http://ajax.googleapis.com/ajax/libs/dojo/1.5/dojo/dojo.xd.js.

Do I need to configurate something in the appengine-web.xml or web.xml?


If your page is always accessed by secure url (https) then you might try accessing the secure versions of those include files. I think you can just use https: in place of http: in the url for those two files.

If you want to get fancy, you can check to see if the page is secure and pick either the secure or non-secure version of the link. I can post a sample of that if you need it.

Addendum: To save people time, I am posting @mercator's superior solution here:

No need to get fancy. If you want to pick the secure or non-secure version depending on whether your own site is secure, you can use a protocol-relative link. E.g. //ajax.googleapis.com/ajax/libs/dojo/1.5/dojo/dojo.xd.js


what if the site doesn't support https?? For instance, I'm sending the request to world bank, which only supports http?

EDIT: on chrome, click the "shield" icon on the right of the address bar.


Chrome Inspection validates only client side code, not server side. So, server configuration in appengine-web.xml/web.xml doesn't matter here.

At this case it says that your html is using some external code, from other sites, that can be insecure. It not a big problem, btw. But if you wish, you can copy this files (claro.css and dojo.xd.js) to your own site to fix this issue.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜