部署https后瀏覽器提示不安全,不出現(xiàn)綠色小鎖?

網(wǎng)站部署https后,瀏覽器提示不安全, 不出現(xiàn)綠色小鎖圖標?

訪問網(wǎng)站后,按f12,瀏覽器提示:

Mixed Content: The page at 'https://www.xxx.com/'' was loaded over HTTPS, but requested an insecure image 'http://www.xxx.com/uploads/2018/12/3.png'. This content

原因是在https頁面中，如果調(diào)用了http資源，那么瀏覽器就會拋出一些錯誤,

解決辦法:在header中加入 Upgrade-Insecure-Requests,會告訴瀏覽器可以把所屬本站的所有 http 連接升級為 https 連接,外站請求保持默認;

添加header方法:

1.iis7

        或直接在網(wǎng)站根目錄web.config中定義

 <?xml version="1.0" encoding="UTF-8"?>   
      <configuration>
         <system.webServer>
           <httpProtocol>
           <customHeaders>
            <add name="Content-Security-Policy" value="upgrade-insecure-requests" />
           </customHeaders>
         </httpProtocol>
        </system.webServer> 
        </configuration>

2.apache

    可直接在網(wǎng)站根目錄.htaccess中定義

 <IFModule mod_headers.c>     
     Header add Content-Security-Policy upgrade-insecure-requests
 </IFModule>

3. nginx

        server {
            listen        80;
            server_name   (myservername);
            add_header Content-Security-Policy "upgrade-insecure-requests";
            location / {    
                proxy_pass         http://localhost:5000;
            }
        }