After a website deploys HTTPS (Hypertext Transfer Protocol Secure), the browser may still report that the page is not secure. This is caused by non-HTTPS resources being loaded by the page. The offending requests can be seen in the browser's F12 developer tools, for example: Mixed Content: The page at ‘https://yoursite.com/’ was loaded over HTTPS, but requested an insecure image ‘http://yoursite.com//uploads/2021/1/3.png’.
When an https page loads an http resource, the browser reports errors like the one above. Websites that did not enable HTTPS at first and switch to it later will inevitably run into this problem.
Solution
Adding upgrade-insecure-requests to the Content-Security-Policy response header tells the browser to upgrade all http connections belonging to this site to https connections; outbound requests keep their default behavior.
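Adding the header in nginx
# The browser only acts on this header when it arrives with the HTTPS page,
# so place the add_header line in the server block whose responses are
# delivered over HTTPS.
server {
    listen 80;
    server_name (myservername);  # replace with your server name
    add_header Content-Security-Policy "upgrade-insecure-requests";
    location / {
        proxy_pass http://localhost:5000;
    }
}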
Adding the header in Apache
Add the following content to the .htaccess file in the website root directory:
<IfModule mod_headers.c>
    Header add Content-Security-Policy "upgrade-insecure-requests"
</IfModule>
Adding the header in IIS 7
In the web.config file in the website root directory, add:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <httpProtocol>
            <customHeaders>
                <add name="Content-Security-Policy" value="upgrade-insecure-requests" />
            </customHeaders>
        </httpProtocol>
    </system.webServer>
</configuration>
Note: Before performing the above operations, please back up the corresponding configuration files.
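To check a page before and after the change, the following added example (not part of the original page) lists the http:// subresources that trigger the Mixed Content message and tests whether a response carries the upgrade-insecure-requests directive. The sample HTML, the function names and the set of link rel values treated as fetched are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Tag -> attributes whose URL the browser fetches as a subresource.
SUBRESOURCE_ATTRS = {
    "img": ("src",), "script": ("src",), "iframe": ("src",), "embed": ("src",),
    "audio": ("src",), "video": ("src", "poster"), "source": ("src",),
    "object": ("data",), "link": ("href",),
}
FETCHED_LINK_RELS = {"stylesheet", "icon", "preload"}

# Constructed sample page (not real site content).
SAMPLE_HTML = """
<link rel="stylesheet" href="http://yoursite.com/style.css">
<link rel="canonical" href="http://yoursite.com/">
<img src="http://yoursite.com//uploads/2021/1/3.png">
<script src="https://yoursite.com/app.js"></script>
<a href="http://example.org/">outbound link</a>
"""

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.insecure = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            rel = set((attrs.get("rel") or "").lower().split())
            if not rel & FETCHED_LINK_RELS:
                return  # canonical/alternate links are not loaded as subresources
        for name in SUBRESOURCE_ATTRS.get(tag, ()):
            url = (attrs.get(name) or "").strip()
            if url.lower().startswith("http://"):
                self.insecure.append((tag, url))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.insecure

def has_upgrade_directive(headers):
    """headers: list of (name, value) pairs from the HTTPS response."""
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue
        names = [d.split()[0].lower() for d in value.split(";") if d.strip()]
        if "upgrade-insecure-requests" in names:
            return True
    return False
```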