开发者

stop ie showing security warning when loading non secure images on secure page

开发者 https://www.devze.com 2023-02-03 14:19 出处:网络
I am using the following JQuery plugin to load an image slider http://www.orionseven.com/imageloader/index.php

I am using the following JQuery plugin to load an image slider http://www.orionseven.com/imageloader/index.php

However this is on a secure page (https) although the images are from external urls so therefore are not on secure pages.开发者_高级运维 Is there anyway I can stop IE 7 displaying the security warning? Maybe changing my code or something?


You cannot disable those warnings.

The reason you're seing them is because the user should be notified that non-secure requests are being made (and potentially compromising the security in the process). Turning them off would be bad for the user.


You should probably be hosting the images on your local server rather than expecting a third party to host them for you. That way they can all be served as HTTPS from the same site, and problem solved.

If you must fetch them from the third party server, you'll only be able to solve this issue if that third party also provides HTTPS on their server. In that case, you'd need to modify the URL used to request the images to change the protocol depending on what protocol the main page is being served with.

If you want to load them remotely and that remote server doesn't provide HTTPS, then you cannot get rid of the message -- it's there intentionally in IE to provide a legitimate security warning. You can't override it.


I have the exact same issue. Since M$ considers every single one of their users to be brain-dead and decided to lock-down the ability to bypass that warning, I've decided on a much simpler solution- Use literally any other browser. Check out this solution-

https://stackoverflow.com/a/23047482/3692082


You could proxy images through localy hosted php script.

https://server/image.php?url=foobar.com/foo.gif

<?php
echo file_get_contents("http://".$_GET['url']);
?>

some comments about cross-site-scripting vulnerability should follow:)

0

精彩评论

暂无评论...
验证码 换一张
取 消