开发者

IE9 HTTPS security is compromised by my Greasemonkey script?

开发者 https://www.devze.com 2023-01-19 17:50 出处:网络
I’ve got a开发者_运维问答 Greasemonkey-for-IE script in IE9 that’s importing jQuery. But on secure pages it doesn’t work.

I’ve got a开发者_运维问答 Greasemonkey-for-IE script in IE9 that’s importing jQuery. But on secure pages it doesn’t work.

I’m getting:

SEC7111: HTTPS security is compromised by http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

The code that fails is:

var script = document.createElement("script");
script.setAttribute("src", 
    "http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js");

How can I make this work? The script doesn’t cause a problem in Firefox.


You can eliminate the issue with simpler code by using a scheme-relative URL like this:

var script = document.createElement("script");
script.setAttribute("src", 
   "//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js");

This will use http:// on an http:// page and https:// on an https:// page...a much simpler way to solve the issue.


Presumably: Use https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js instead (or not trust a third party CDN (to be both trustworthy and not compromised) for your secure pages)


The error message is IE's new way of warning about mixed content (HTTP and HTTPS resources on a secure page). Here is a related MSDN blog post.

Using

https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.js

seems to work as well, although I can't see a official reference to it in the Libraries API overview.


The problem is that when you're in secure mode (ie HTTPS), all the files loaded by the page must also be HTTPS. The JQuery include you're making here is HTTP.

You need to detect whether the page is in HTTP or HTTPS mode (use window.location.protocol()), and adjust the URL of the JQuery include to suit. (all it needs is the additional 's' after 'http')


you are using https connection and you want to access a http connection.

0

精彩评论

暂无评论...
验证码 换一张
取 消