本文翻译自:Why am I suddenly getting a “Blocked loading mixed active content” issue in Firefox?
This morning, upon upgrading my Firefox browser to the latest version (from 22 to 23), some of the key aspects of my back office (website) stopped working.今天早上,将Firefox浏览器升级到最新版本(从22升级到23)后,后台(网站)的某些关键方面停止工作。
Looking at the Firebug log, the following errors were being reported:查看Firebug日志,报告了以下错误:
Blocked loading mixed active content "/ui/1.8.10/themes/smoothness/jquery-ui.css"Blocked loading mixed active content "/ajax/jquery.ui/1.8.10/jquery-ui.min.js"`
among other errors caused by the latter of the two above not being loaded.以及由于上述两个中的后一个未加载而导致的其他错误。
What does the above mean and how do I resolve it?以上是什么意思,我该如何解决?
#1楼
参考:/question/1EZx2/为什么我突然在Firefox中出现-阻止加载混合的活动内容-的问题
#2楼
I found this blog post which cleared up a few things.我发现这篇博客文章清除了一些问题。To quote the most relevant bit:引用最相关的位:
Mixed Active Content is now blocked by default in Firefox 23!默认情况下,Firefox 23中默认禁用混合活动内容!
What is Mixed Content?什么是混合内容?
When a user visits a page served over HTTP, their connection is open for eavesdropping and man-in-the-middle (MITM) attacks.当用户访问通过HTTP服务的页面时,他们的连接将打开以进行窃听和中间人(MITM)攻击。When a user visits a page served over HTTPS, their connection with the web server is authenticated and encrypted with SSL and hence safeguarded from eavesdroppers and MITM attacks.当用户访问通过HTTPS服务的页面时,他们与Web服务器的连接将通过SSL进行身份验证和加密,因此可以防止窃听和MITM攻击。
However, if an HTTPS page includes HTTP content, the HTTP portion can be read or modified by attackers, even though the main page is served over HTTPS.但是,如果HTTPS页面包含HTTP内容,则即使主页面通过HTTPS提供服务,攻击者也可以读取或修改HTTP部分。When an HTTPS page has HTTP content, we call that content “mixed”.当HTTPS页面具有HTTP内容时,我们称该内容为“混合”。The webpage that the user is visiting is only partially encrypted, since some of the content is retrieved unencrypted over HTTP.用户访问的网页仅被部分加密,因为某些内容是通过HTTP未加密地检索到的。The Mixed Content Blocker blocks certain HTTP requests on HTTPS pages.混合内容阻止程序阻止HTTPS页面上的某些HTTP请求。
The resolution, in my case, was to simply ensure thejqueryincludes were as follows (note the removal of the protocol):在我的情况下,解决方案是仅确保jquery包含如下内容(注意删除协议):
<link rel="stylesheet" href="///ui/1.8.10/themes/smoothness/jquery-ui.css" type="text/css"><script type="text/javascript" src="///ajax/jquery.ui/1.8.10/jquery-ui.min.js"></script>
Note that the temporary 'fix' is to click on the 'shield' icon in the top-left corner of the address bar and select 'Disable Protection on This Page', although this isnotrecommended for obvious reasons.请注意,临时的“修复”是单击地址栏左上角的“屏蔽”图标,然后选择“在此页面上禁用保护”,尽管出于明显原因不建议这样做。
UPDATE: This link from the Firefox (Mozilla) support pages is also useful in explaining what constitutes mixed content and, as given in the above paragraph, does actually provide details of how to display the page regardless:更新:Firefox(Mozilla)支持页面上的此链接也有助于解释什么构成混合内容,并且如上段所述,实际上提供了如何显示页面的详细信息,而不管:
Most websites will continue to work normally without any action on your part.大多数网站将继续正常运行,而无需您采取任何措施。
If you need to allow the mixed content to be displayed, you can do that easily:如果需要允许显示混合内容,则可以轻松做到这一点:
Click the shield icon Mixed Content Shield in the address bar and choose Disable Protection on This Page from the dropdown menu.单击地址栏中的屏蔽图标“混合内容屏蔽”,然后从下拉菜单中选择“禁用此页面上的保护”。
The icon in the address bar will change to an orange warning triangle Warning Identity Icon to remind you that insecure content is being displayed.地址栏中的图标将变为橙色的警告三角警告标识图标,以提醒您正在显示不安全的内容。
To revert the previous action (re-block mixed content), just reload the page.要恢复上一个操作(重新阻止混合内容),只需重新加载页面即可。
#3楼
It means you're calling http from https.这意味着您正在从https调用http。You can usesrc="//url.to/script.js"in your script tag and it will auto-detect.您可以在脚本标签中使用src="//url.to/script.js",它将自动检测到。
Alternately you can use use https in yoursrceven if you will be publishing it to a http page.或者,即使将其发布到http页面,也可以在src使用use https。This will avoid the potential issue mentioned in the comments.这样可以避免注释中提到的潜在问题。
#4楼
In absence of a white-list feature you have to make the "all" or "nothing" Choice.如果没有白名单功能,则必须选择“全部”或“什么都不做”。You can disable mixed content blocking completely.您可以完全禁用混合内容阻止。
The Nothing Choice没有选择
You will need to permanently disable mixed content blocking for the current active profile.您将需要永久禁用当前活动配置文件的混合内容阻止。
In the "Awesome Bar," type "about:config".在“真棒”中,键入“ about:config”。If this is your first time you will get the "This might void your warranty!"如果这是您第一次来,您将获得“这可能会使您的保修无效!”message.信息。
Yes you will be careful.是的,您会小心。Yes you promise!是的,你保证!
Findsecurity.mixed_content.block_active_content.查找security.mixed_content.block_active_content。Set its value tofalse.将其值设置为false。
The All Choice一切选择
iDevelApp 's answer is awesome.iDevelApp的答案很棒。
#5楼
If your app server is weblogic, then make sure WLProxySSL ON entry exists(and also make sure it should not be commented) in the weblogic.conf file in webserver's conf directory.如果您的应用程序服务器是weblogic,则请确保webserver的conf目录中的weblogic.conf文件中存在WLProxySSL ON条目(并确保不应对其进行注释)。then restart web server, it will work.然后重新启动Web服务器,它将起作用。
#6楼
I had this same problem because I bought a CSS template and it grabbed a javascript an external javascript file through/javascript.js.我遇到了同样的问题,因为我购买了CSS模板,它通过/javascript.js捕获了javascript和外部javascript文件。I went to that page in my browser and then changed it tohttps://whatever...using SSL and it worked, so in my HTML javascript tag I just changed the URL to usehttpsinstead ofhttpand it worked.我在浏览器中转到该页面,然后使用SSL将其更改为https://whatever...并且可以正常工作,因此在我的HTML javascript标签中,我只是将URL更改为使用https而不是http。
