admin管理员组

文章数量:1323707

I have a dev site set up that's running under a fake HTTPS, it has a certificate however Chrome says its invalid because of the domain. My real site has a real certificate however, and I'm wondering if that HTTPS connection will break because of some insecure content on my page.

I'm using Brightcove as a 3rd party video host and when using their embed code, I get these types of errors in the Chrome developer console on my dev site:

The page at / displayed insecure content from .xml.

If I deploy the development version to my live site, will it break the HTTPS seal in the address bar of browsers? HTTPS is very important for my customers so I'd rather not deploy it and just see what happens.

Unfortunately Brightcove doesn't have "true" HTTPS support, it's either get these errors or the video doesn't work. :/

Also, the video is being loaded via JavaScript if that matters.

Thanks!

I have a dev site set up that's running under a fake HTTPS, it has a certificate however Chrome says its invalid because of the domain. My real site has a real certificate however, and I'm wondering if that HTTPS connection will break because of some insecure content on my page.

I'm using Brightcove as a 3rd party video host and when using their embed code, I get these types of errors in the Chrome developer console on my dev site:

The page at https://my.website./ displayed insecure content from http://c.brightcove./crossdomain.xml.

If I deploy the development version to my live site, will it break the HTTPS seal in the address bar of browsers? HTTPS is very important for my customers so I'd rather not deploy it and just see what happens.

Unfortunately Brightcove doesn't have "true" HTTPS support, it's either get these errors or the video doesn't work. :/

Also, the video is being loaded via JavaScript if that matters.

Thanks!

  • javascript
  • html
  • https
  • nginx
Share Improve this question asked Jul 15, 2013 at 19:50 James DawsonJames Dawson 5,40920 gold badges75 silver badges129 bronze badges 3
  • 1 Use relative URLs, and use protocol-less external URLs. For example, using //code.example./js/jquery.js will automatically use https if your page already is, or http if your page is – Ian Commented Jul 15, 2013 at 19:56
  • @Ian: that external site doesn't support requests over HTTPS, that's the issue as it seems. Other than that, your suggestion is valid. It's how it should be done. – Ma3x Commented Jul 15, 2013 at 19:57
  • @Ma3x Ahh yes, I see. I should've tested that first (and read everything properly first) – Ian Commented Jul 15, 2013 at 20:05
Add a ment  | 

1 Answer 1

Reset to default 6

If you include content from insecure sources (http), the seal will break. it's still safe but it won't be shown as prominent as on a page with only secure content inclusion.

本文标签: javascriptInsecure content on HTTPS pageStack Overflow

版权声明:本文标题:javascript - Insecure content on HTTPS page - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1742130431a2422132.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。