如何删除主页不支持 https 的 css?

2016-09-18 12:56:52 +08:00
 yuhaaitao
chrome 打开博客主页,提示有部分链接不支持 https ,怎么替换掉呢?
Mixed Content: The page at 'https://yuhaitao.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://cdn.staticfile.org/normalize/2.1.3/normalize.min.css'. This request has been blocked; the content must be served over HTTPS.
https://yuhaitao.com/favicon.ico Failed to load resource: the server responded with a status of 404 (Not Found)

这是在 chrome 诊断页面复制的不支持 https 的链接
<!DOCTYPE HTML>
<html class="no-js">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge, chrome=1">
<meta name="renderer" content="webkit">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<title>临海听涛</title>

<!-- 使用 url 函数转换相关路径 -->
<link rel="stylesheet" href="http://cdn.staticfile.org/normalize/2.1.3/normalize.min.css">


下面是默认主题 index.php ,没有找到 link rel="stylesheet" href="http://cdn.staticfile.org/normalize/2.1.3/normalize.min.css"

<?php
/**
* 这是 Typecho 0.9 系统的一套默认皮肤
*
* @package Typecho Replica Theme
* @author Typecho Team
* @version 1.2
* @link http://typecho.org
*/

if (!defined('__TYPECHO_ROOT_DIR__')) exit;
$this->need('header.php');
?>

<div class="col-mb-12 col-8" id="main" role="main">
<?php while($this->next()): ?>
<article class="post" itemscope itemtype="http://schema.org/BlogPosting">
<h2 class="post-title" itemprop="name headline"><a itemtype="url" href="<?php $this->permalink() ?>"><?php $this->title() ?></a></h2>
<ul class="post-meta">
<li itemprop="author" itemscope itemtype="http://schema.org/Person"><?php _e('作者: '); ?><a itemprop="name" href="<?php $this->author->permalink(); ?>" rel="author"><?php $this->author(); ?></a></li>
<li><?php _e('时间: '); ?><time datetime="<?php $this->date('c'); ?>" itemprop="datePublished"><?php $this->date('F j, Y'); ?></time></li>
<li><?php _e('分类: '); ?><?php $this->category(','); ?></li>
<li itemprop="interactionCount"><a itemprop="discussionUrl" href="<?php $this->permalink() ?>#comments"><?php $this->commentsNum('评论', '1 条评论', '%d 条评论'); ?></a></li>
</ul>
<div class="post-content" itemprop="articleBody">
<?php $this->content('- 阅读剩余部分 -'); ?>
</div>
</article>
<?php endwhile; ?>

<?php $this->pageNav('&laquo; 前一页', '后一页 &raquo;'); ?>
</div><!-- end #main-->

<?php $this->need('sidebar.php'); ?>
<?php $this->need('footer.php'); ?>
4586 次点击
所在节点    SSL
12 条回复
yuhaaitao
2016-09-18 12:58:42 +08:00
Mixed Content: The page at 'https://yuhaitao.com/the-music-migu-sign-to-send-traffic/' was loaded over HTTPS, but requested an insecure stylesheet 'http://cdn.staticfile.org/normalize/2.1.3/normalize.min.css'. This request has been blocked; the content must be served over HTTPS.
(index):227 Mixed Content: The page at 'https://yuhaitao.com/the-music-migu-sign-to-send-traffic/' was loaded over HTTPS, but requested an insecure image 'http://image.yuhaitao.com/4f632767ac0d_CDB5/Screenshot_20151208140849_cmccwm.mobilemusic.png'. This content should also be served over HTTPS.
(index):227 Mixed Content: The page at 'https://yuhaitao.com/the-music-migu-sign-to-send-traffic/' was loaded over HTTPS, but requested an insecure image 'http://image.yuhaitao.com/4f632767ac0d_CDB5/Screenshot_20151208140918_cmccwm.mobilemusic.png'. This content should also be served over HTTPS.
(index):227 Mixed Content: The page at 'https://yuhaitao.com/the-music-migu-sign-to-send-traffic/' was loaded over HTTPS, but requested an insecure image 'http://image.yuhaitao.com/4f632767ac0d_CDB5/Screenshot_20151208143831_com.sunbelt.androidbutler.png'. This content should also be served over HTTPS.

之前文章的图片链接怎么换成 https?
lhbc
2016-09-18 13:16:36 +08:00
1 、替换所有文件里的连接
2 、如果你确定 image.yuhaitao.com 支持 https ,但又懒得替换或者怕替换不完整,可以在头部加这个字段,现代浏览器会自动升级协议
Content-Security-Policy: upgrade-insecure-requests
yuhaaitao
2016-09-18 13:30:23 +08:00
@lhbc 那个 cdn 链接我在网站里找不到在哪里?
头部加这个字段是主题中的 index.php 吗?
lhbc
2016-09-18 13:42:03 +08:00
@yuhaaitao
1. 这个得你自己找了
2. 所有页面,最简单的方法是在 nginx 里加上这个头部
loading
2016-09-18 13:56:10 +08:00
加到 <style>,逃~
yuhaaitao
2016-09-18 16:14:02 +08:00
@lhbc 虚拟主机,能在 nginx 里加吗?
lhbc
2016-09-18 16:24:16 +08:00
@yuhaaitao 虚拟主机不能改 nginx 配置
可以在 meta 里加
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
JimmyCai
2016-09-18 17:25:15 +08:00
在 header.php 找
kawaiiushio
2016-09-18 20:13:12 +08:00
https://ky0n.xyz/static-reverse-proxy/
VmuTargh
2016-09-18 23:55:36 +08:00
At header.php
Solutions: replace/remove, CSP
yuhaaitao
2016-09-19 10:53:57 +08:00
@VmuTargh Solutions: replace/remove, CSP 添到那里?
index.php 是这样的。

<?php
/**
* Typecho Blog Platform
*
* @copyright Copyright (c) 2008 Typecho team ( http://www.typecho.org)
* @license GNU General Public License 2.0
* @version $Id: index.php 1153 2009-07-02 10:53:22Z magike.net $
*/

/** 载入配置支持 */
if (!defined('__TYPECHO_ROOT_DIR__') && !@include_once 'config.inc.php') {
file_exists('./install.php') ? header('Location: install.php') : print('Missing Config File');
exit;
}

/** 初始化组件 */
Typecho_Widget::widget('Widget_Init');

/** 注册一个初始化插件 */
Typecho_Plugin::factory('index.php')->begin();

/** 开始路由分发 */
Typecho_Router::dispatch();

/** 注册一个结束插件 */
Typecho_Plugin::factory('index.php')->end();
yuhaaitao
2016-09-19 12:20:37 +08:00
已解决,在默认主题 header.php 中按照 @lhbc 提到的在 meta 里加
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
替换'http://cdn.staticfile.org/normalize/2.1.3/normalize.min.css'为本地路径就好了。
chrome 终于全绿了

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/306957

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX