{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Emotional °昔 的问题《Block all mixed content》','https://www.manongdao.com/q-655753.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
How do I completely prevent any mixed content from loading?
Current browsers are already blocking active mixed content (scripts). What I really want is to block all of it including images.
Purpose of this is to immediately see every offending image or file as broken, but not as an ambiguous warning in the address bar.
Is there a cross-browser way to do that?
The standard way to strictly block all mixed content:
block-all-mixed-contentCSP directive.In the simplest case if you’re not setting other CSP directives, it requires just sending this header:
Since not every browser support this directive, it may be feasible to send an extended header instead:
Other option is to force all plain http requests to go over https: