VUE

解决方式:注释标签
CPS 设置 upgrade-insecure-requests 作用是让浏览器自动升级请求。

1
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">

在服务器的响应头中加入:
1
header("Content-Security-Policy:upgrade-insecure-requests");

页面是 https 的,但是在这个页面包含了大量的 http 资源(图片、iframe等),页面一旦发现存在上述响应头,会在加载 http 资源时自动替换成 https 请求

JavaScript

HTML 自上而下解析,所以脚本需要放在主页上方;最好的实现方法是服务端或者域名解析的时候做 301 跳转

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
<script type="text/javascript">
var targetProtocol = "https:";
if (window.location.protocol != targetProtocol)
 window.location.href = targetProtocol +
  window.location.href.substring(window.location.protocol.length);
</script>

<script type="text/javascript">
var hosts = /^(192.168.1.1)/;
    if (window.location.hostname !== 'localhost' && !hosts.test(window.location.hostname)) {
      // 判断非本地 server 时 http 强制转换成 https
      var targetProtocol = "https:";
      if (window.location.protocol != targetProtocol)
      window.location.href = targetProtocol +
      window.location.href.substring(window.location.protocol.length);
    }
</script>