自动跳转 https 访问网站
VUE
解决方式:注释标签
CPS 设置 upgrade-insecure-requests 作用是让浏览器自动升级请求。1
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
在服务器的响应头中加入:1
header("Content-Security-Policy:upgrade-insecure-requests");
页面是 https 的,但是在这个页面包含了大量的 http 资源(图片、iframe等),页面一旦发现存在上述响应头,会在加载 http 资源时自动替换成 https 请求
JavaScript
HTML 自上而下解析,所以脚本需要放在主页上方;最好的实现方法是服务端或者域名解析的时候做 301 跳转1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17<script type="text/javascript">
var targetProtocol = "https:";
if (window.location.protocol != targetProtocol)
window.location.href = targetProtocol +
window.location.href.substring(window.location.protocol.length);
</script>
<script type="text/javascript">
var hosts = /^(192.168.1.1)/;
if (window.location.hostname !== 'localhost' && !hosts.test(window.location.hostname)) {
// 判断非本地 server 时 http 强制转换成 https
var targetProtocol = "https:";
if (window.location.protocol != targetProtocol)
window.location.href = targetProtocol +
window.location.href.substring(window.location.protocol.length);
}
</script>