http - 为什么我在 Firefox 中突然遇到 "Blocked loading mixed active content"问题？

Question

今天早上，在将我的 Firefox 浏览器升级到最新版本(从 22 到 23)后，我的后台(网站)的一些关键方面停止工作。

查看 Firebug 日志，报告了以下错误:

Blocked loading mixed active content "http://code.jquery.com/ui/1.8.10/themes/smoothness/jquery-ui.css"
Blocked loading mixed active content "http://ajax.aspnetcdn.com/ajax/jquery.ui/1.8.10/jquery-ui.min.js"`

由于未加载上述两个中的后者而导致的其他错误。

以上是什么意思，我该如何解决？

Answer 1

我找到了 this blog post这澄清了一些事情。引用最相关的位:

Mixed Active Content is now blocked by default in Firefox 23!

What is Mixed Content?
When a user visits a page served over HTTP, their connection is open for eavesdropping and man-in-the-middle (MITM) attacks. When a user visits a page served over HTTPS, their connection with the web server is authenticated and encrypted with SSL and hence safeguarded from eavesdroppers and MITM attacks.

However, if an HTTPS page includes HTTP content, the HTTP portion can be read or modified by attackers, even though the main page is served over HTTPS. When an HTTPS page has HTTP content, we call that content “mixed”. The webpage that the user is visiting is only partially encrypted, since some of the content is retrieved unencrypted over HTTP. The Mixed Content Blocker blocks certain HTTP requests on HTTPS pages.

在我的例子中，解决方案是简单地确保 jquery 包含如下(注意协议(protocol)的删除):

<link rel="stylesheet" href="//code.jquery.com/ui/1.8.10/themes/smoothness/jquery-ui.css" type="text/css">
<script type="text/javascript" src="//ajax.aspnetcdn.com/ajax/jquery.ui/1.8.10/jquery-ui.min.js"></script>

请注意，临时“修复”是单击地址栏左上角的“盾牌”图标并选择“在此页面上禁用保护”，尽管这不是 出于显而易见的原因推荐。

更新:This link来自 Firefox (Mozilla) 支持页面的内容对于解释混合内容的构成也很有用，并且如上段所述，实际上提供了如何显示页面的详细信息:

Most websites will continue to work normally without any action on your part.

If you need to allow the mixed content to be displayed, you can do that easily:

Click the shield icon Mixed Content Shield in the address bar and choose Disable Protection on This Page from the dropdown menu.

The icon in the address bar will change to an orange warning triangle Warning Identity Icon to remind you that insecure content is being displayed.

To revert the previous action (re-block mixed content), just reload the page.