On the browser page of the Linux system, the http request is not allowed. If there is an http request, an error will occur and the Linux system will alert the user. This article will introduce the Linux system to block the http request alert on the browser page.
Alert Code
Mixed Content: The page at ‘https://www.taobao.com/‘ was loaded over HTTPS, but requested an insecure image ‘http://G.alicdn.com/s.gif’. This content should also be served over HTTPS.HTTPS
After the transformation, we can see the following alarms in many page:
Many operators no technical concepts to https, fill in In the data, http resources are inevitable, the system is huge, and negligence and loopholes are inevitable.
Solution
CSP Settings upgrade-insecure-requests
Fortunately, the W3C Working Group has considered the difficulty of upgrading HTTPS. In April 2015, an upgrade was made. The draft of Insecure Requests, his role is to let the browser automatically upgrade the request.
Add in our server's response header:
header(“Content-Security-Policy: upgrade-insecure-requests”);
Our page is https This page contains a large number of http resources (images, iframes, etc.). Once the page is found to have the above response header, it will be automatically replaced with an https request when the http resource is loaded. You can view google provide a demo:
But people understand is that this resource was issued two requests, speculation is achieved browser bug:
Of course, if we don't have trouble working on the server /Nginx, we can also add a meta header to the page:
"meta http-equiv=“Content-Security-Policy” content=“upgrade-insecure- Requests” /"
Currently only chrome 43.0 is supported for this setting, but I believe that CSP will be the focus of future web front-end security. The upgrade-insecure-requests draft will soon enter the RFC model.
From the example given by the W3C working group, it can be seen that this setting does not process the a link of the foreign domain, so you can use it with confidence.
The above is the introduction of the Linux system to block the http request alert on the browser page, because the actual application can easily appear http request in the page, so if you do not block the alarm, it will always be displayed there. More impact on the user experience.
Tmux is a terminal-use software that can open multiple terminals remotely and has m
Through the history command under Linux, we can view the used commands, that is, th
In Linux system operation, for some reasons, you want to create the installed package directly from
in Linux system The shell in the system is a programming language that can execute various commands
How to install Ruby and rvm on Ubuntu 11.04
How to configure network under Debian system
How to install Guake terminal to Ubuntu system
Linux viewing system installed kernel operation method
What should I do if Ubuntu prompts the list error when opening the software center?
Ubuntu steps to install PlayOnLinux
How do old computers install open source Linux systems?
Ubuntu vi using the arrow keys error how to solve?
Steps for Multi-Mirror Image Traffic Aggregation and Replication in Linux
RedHat how to install log4cxx log library
Introduction to the syntax and parameters of the Linux system xlsclients command
Microsoft Pinyin how to uninstall Win10 delete Microsoft Pinyin input method tutorial
Manual replacement of Win8 key key 2 methods
Win8 does not display the login screen after the black screen is restored. The
How to clear Windows8 Live Tile Image
Windows 7 play acceleration has to go to Aero Snap function
Steps for the Win10 system to adjust the order of quick access to the folder
How does Win10 view the location of the application installation?
Vista below QQ often dropped the solution
Thoroughly give your system a slim body (a)
How to solve the problem that the menu bar of Win7 computer interface disappears