3
我的应用程序使用Flask-Socketio,Flask和nginx。我在一篇文章中读到,所有HTTP到HTTPS的处理都必须在Web Server级别完成,而不是在Application Server级别完成。我使用rewrite属性将所有HTTP请求重定向为HTTPS请求。这与静态页面成功工作。但是,当我尝试加载动态内容时,出现错误,提示The page at 'https://localhost/myLoc' was loaded over HTTPS, but displayed insecure content from 'http://localhost/myLoc/more/paths?t=1390397': this content should also be loaded over HTTPS.。如何使用Flask,Flask-SocketIO和nginx实现SSL(http to https)
而且我得到这个错误也XMLHttpRequest cannot load http://localhost/myLoc/more/paths?t=1390397. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://localhost' is therefore not allowed access.
我的nginx.conf文件看起来像这样
server {
server {
listen 80;
server_name _;
rewrite^https://$host$request_uri? permanent;
}
server {
gzip on;
ssl on;
listen 443 ssl;
server_name *.mydomain.com;
ssl_certificate /path/to/nginx/ssl/nginx.crt;
ssl_certificate_key /path/to/nginx/ssl/nginx.key;
location /myLoc {
proxy_pass http://localhost:9001/myLoc;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
请帮助。 Flask-SocketIO是否也必须包含证书和密钥的路径?
您正在加载第三方内容,如jQuery? – dirn 2014-11-06 15:24:37
你如何引用你的内容?它看起来应该是相对的(没有域名,例如'/ myLoc/more/paths?t = 1390397),你可能会在'http:// localhost/myLoc/more/paths?t = 1390397'显式获取资源')或协议相关(没有方案,例如'// localhost/myLoc/more/paths?t = 1390397');理想情况下,应该使用'url_for'来代替硬编码。您也可能需要在您的位置块中设置“X-Forwaded-Proto”标头并为[此答案]添加“ProxyFix”中间件(https://stackoverflow.com/questions/23347387/x-forwarded-proto-和瓶)。 – jonafato 2014-11-06 18:02:40
@dim:是的,我们正在使用JavaScript和jQuery – 2014-11-11 05:48:57