我在 Shopify 中使用 HTTPS
托管了一个网站,然后我通过 Angular 创建了一个 GET 到 HTTP
网站。
Angular
<script type="text/javascript" src="https://code.jquery.com/jquery-1.12.4.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.4.8/angular.min.js"></script>
<link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<link href="https://fonts.googleapis.com/css?family=Roboto:400,900" rel="stylesheet">
<style type="text/css">
div {
font-family: 'Roboto', sans-serif;
}
p, a {
font-size: 12px;
font-family: 'Roboto', sans-serif;
}
.body-text-header-large {
font-size: 1.5em;
font-weight: 300;
line-height: 2em;
color: #42baf1;
font-family: 'Roboto', sans-serif;
}
.company-name {
font-weight: 900;
font-family: 'Roboto', sans-serif;
}
</style>
<div ng-app="myApp" ng-controller="myCtrl">
<div class="container">
<span class="body-text-header-large">DISTRIBUTORS</span>
<p class="silver">Bioss Antibodies are sold worldwide. Find a distributor near you to order in your area!</p>
<div ng-repeat="obj in data" >
<div class="row">
<!-- Country -->
<div class="col-xs-4 text-center" >
<p>{{obj.country}}</p>
<img src="data:image/png;base64,{{obj.flag}}" alt="" width="30px">
</div>
<!-- Main Info -->
<div class="col-xs-4" >
<p class="company-name">{{obj.user.username}}</p>
<p>{{obj.distributor.phone_public}}</p>
<p>{{obj.user.email}}</p>
<a href="{{obj.distributor.url}}">{{obj.distributor.url}}</a></span> <span class="col span_2_of_6">
</div>
<!-- Logo -->
<div class="col-xs-4 pull-right" >
<img src="data:image/png;base64,{{obj.logo}}" alt="" width="100px">
</div>
</div>
<br><hr>
</div>
</div>
</div>
<script>
"use strict";
var app = angular.module('myApp', []);
app.controller('myCtrl', function($scope, $http) {
$http.get("http://d.biossusa.com/api/distributor?key=*******")
.then(function(response) {
var data = response.data;
var array = $.map(data, function(value) {
return [value];
});
console.log(typeof(array));
console.log(array.length);
console.log(array);
try {
$scope.data = array;
} catch (error) {
console.log('its not json');
}
});
});
</script>
本地结果
工作得很好
我不断得到
Refused to connect to 'http://d.biossusa.com/api/distributor?key=******' because it violates the following Content Security Policy directive: "connect-src 'self' https://* wss://*".
将我的 API 站点从 HTTP 转换为 HTTPS 可能有点昂贵。解决这个问题的方法是什么?
还有别的办法吗?
是否有任何框架或 API 可以帮助避免此错误?
最佳答案
从 HTTP 到 HTTPS 调用 URL 时 same origin policy将阻止您的请求。浏览器协议(protocol)作为不同来源处理。
例如,您可以使用 CORS启用跨源 HTTP 请求。使用 CORLS 将允许您发送请求从 HTTP 到 HTTPS。这是 good guide其中规定了使用 CORS 及其含义的基础知识。
大多数情况下,您需要通过将 Access-Control-Allow-Origin: *
添加到您的响应 header 来允许跨域请求。此配置将在您的后端应用程序(服务器端)中进行。但这此时对你没有帮助:
请注意,由于浏览器的安全功能,如果您从 HTTPS 到 HTTP 调用 URL,CORS/AJAX 请求将不起作用。看看 w3c access control security其中说:
As indicated as the first step of the cross-origin request algorithm and in the redirect steps algorithm user agents are allowed to terminate the algorithm and not make a request. This could be done because e.g.:
The origin of the resource blacklisted.
The origin of the resource is known to be part of an intranet.
The URL is not supported. -https to http is not allowed.
https is not allowed because of certificate errors
关于javascript - 我们可以在 HTTPS 和 HTTP 站点之间进行 GET 吗?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/42166806/