Safari 9 disallowed running of insecure content?

2019-02-01 18:34发布

after upgrading to Safari 9 I'm getting this error in the browser:

[Warning] [blocked] The page at https://localhost:8443/login was not allowed to run insecure content from http://localhost:8080/assets/static/script.js.

Anyone knows how to enable the running of insecure content on the new Safari?

3条回答
仙女界的扛把子
2楼-- · 2019-02-01 19:05

You can fix the HTTPS problem by using HTTPS locally with a self signed SSL certificate. Heroku has a great how-to article about generating one.

After setting up SSL on all of your development servers, you will still get an error loading the resource in Safari since an untrusted certificate is being used(self signed SSL certificates are not trusted by browsers by default because they cannot be verified with a trusted authority). To fix this, you can load the problematic URL in a new tab in Safari and the browser will prompt you to allow access. If you click "Show Certificate" in the prompt, there will be a checkbox in the certificate details view to "Always allow content from localhost". Checking this before allowing access will store the setting in Safari for the future. After allowing access just reload the page originally exhibiting a problem and you should be good to go.

This is a valid use case as a developer but please make sure you fully understand the security implications and risks you are adding to your system by making this change!

查看更多
Luminary・发光体
3楼-- · 2019-02-01 19:13

If like me you have

  • frontend on port1
  • backend on port2b
  • want to load script http://localhost:port1/app.js from http://localhost:port2/backendPage

I have found an easy workaround: simply redirect with http response all http://localhost:port2/localFrontend/*path to http://localhost:port1/*path from your backend server configuration.

Then you could load your script directly from http://localhost:port2/localFrontend/app.js instead of direct frontend url. (or you could configure a base url for all your resources)

This way, Safari will be able to load content from another domain/port without needing any https setup.

查看更多
Evening l夕情丶
4楼-- · 2019-02-01 19:18

According to the Apple support forums Safari does not allow you to disable the block on mixed content.

Though this is frustrating for usability in legitimate cases like yours, it seems to be part of their effort to force secure content serving / content serving best practices.

As a solution for you you can either upgrade the HTTP connection to HTTPS (which it seems you have done) or proxy your content through an HTTPS connection with an HTTPS-enabled service (or, in your case, port).

查看更多
登录 后发表回答