Front end cannot reach the back end after upgrading from HTTP to HTTPS


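Today, while deploying a new project at a customer site, the customer required that every link be accessed over https. After we added an https certificate to the domain, the front end started getting errors when accessing the back end and could not get through. The error was: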

Mixed Content: The page at 'https://xxx/login' was loaded over HTTPS, but requested an insecure font 'http://xxx/font/font_zck90zmlh7hf47vi.ttf'. This request has been blocked; the content must be served over HTTPS.

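The page contained a large number of http resources (images, iframes, etc.). Once the browser finds the `upgrade-insecure-requests` Content-Security-Policy directive on a page, it automatically rewrites http resource requests to https when loading them. The final solution, following what Google provides, is to add one meta line to the front end's shared page; after adding it, access worked normally: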

<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
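The meta tag only rewrites the scheme, so every resource it upgrades still has to be served over https. The following added example (not part of the original post) is a small audit script that lists the http subresources in a page, including fonts referenced from `<style>` blocks like the one in the error above, and the https URLs the server must therefore answer. The sample HTML and its hostnames are constructed placeholders.

```python
import re
from html.parser import HTMLParser

# Tag -> attribute that normally triggers a subresource fetch (<a href> is a navigation, so skipped).
FETCH_ATTR = {"img": "src", "script": "src", "iframe": "src", "link": "href"}
CSS_URL = re.compile(r"url\(\s*['\"]?(http://[^'\")\s]+)", re.I)

# Constructed sample page; hostnames are placeholders, not from the original post.
SAMPLE = """<html><head>
<style>@font-face { font-family: x; src: url('http://static.example/font/a.ttf'); }</style>
</head><body><img src="http://static.example/logo.png">
<iframe src="https://ok.example/frame"></iframe>
<a href="http://other.example/">link</a></body></html>"""


class MixedContentAudit(HTMLParser):
    """Collect http:// subresources and detect the CSP upgrade meta tag."""

    def __init__(self):
        super().__init__()
        self.insecure = []      # (where, url) pairs
        self.upgrades = False   # True once the upgrade-insecure-requests meta is seen
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "content-security-policy":
            directives = [d.strip().lower() for d in a.get("content", "").split(";")]
            self.upgrades = self.upgrades or "upgrade-insecure-requests" in directives
        attr = FETCH_ATTR.get(tag)
        if attr and a.get(attr, "").lower().startswith("http://"):
            self.insecure.append((tag, a[attr]))
        self._in_style = tag == "style"

    def handle_endtag(self, tag):
        self._in_style = False

    def handle_data(self, data):
        if self._in_style:      # e.g. @font-face src: url(http://...)
            self.insecure += [("style", u) for u in CSS_URL.findall(data)]


def audit(html):
    """Return the insecure subresources and the https URLs the server must answer."""
    parser = MixedContentAudit()
    parser.feed(html)
    parser.close()
    # The directive never falls back to http: each rewritten URL must work over TLS.
    needed = ["https://" + url[len("http://"):] for _, url in parser.insecure]
    return {"upgrades": parser.upgrades, "insecure": parser.insecure, "needed": needed}
```

Calling `audit(SAMPLE)` reports the font and the image but not the `<a href>` link or the iframe that is already https; any URL in `needed` that does not respond over https will still fail to load after the meta tag is added.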