允许通过HTTPS和HTTP两种方式访问WordPress网站——解决以HTTPS协议访问网站却因请求了不安全的资源报错

以HTTPS协议访问https://www.deaboway.com/,发生如下错误:

Mixed Content: The page at 'https://www.deaboway.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://www.deaboway.com/wp-content/cache/autoptimize/css/autoptimize_fabbbb6a8a981a178f0f8eeeb8cf4232.css'. This request has been blocked; the content must be served over HTTPS.
VM235:2 Mixed Content: The page at 'https://www.deaboway.com/' was loaded over HTTPS, but requested an insecure script 'http://www.deaboway.com/wp-includes/js/wp-emoji-release.min.js?ver=4.9.5'. This request has been blocked; the content must be served over HTTPS.
VM235:2 Mixed Content: The page at 'https://www.deaboway.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://www.deaboway.com/wp-includes/css/dashicons.min.css?ver=4.9.5'. This request has been blocked; the content must be served over HTTPS.
VM235:2 Mixed Content: The page at 'https://www.deaboway.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://www.deaboway.com/wp-includes/css/admin-bar.min.css?ver=4.9.5'. This request has been blocked; the content must be served over HTTPS.
VM234:1 Mixed Content: The page at 'https://www.deaboway.com/' was loaded over HTTPS, but requested an insecure script 'http://www.deaboway.com/wp-includes/js/jquery/jquery.js?ver=1.12.4'. This request has been blocked; the content must be served over HTTPS
解决办法:
把资源的引用从http改成https,具体用神马办法呢?
这里的方案是让http和https两种访问方式并存。而不是只允许https访问哈!!!
1. 将siteurl和home都从 http://www.deaboway.com 改成 https://www.deaboway.com —— 不必须
2. 在wp的数据库中运行: SELECT * FROM `wp_options` where option_value like ‘http://%’; 查找http的条目,改成https协议。 —— 不必须
3. vim /etc/nginx/nginx.conf 在443端口的https中添加: —— 不必须
add_header Front-End-Https on;
nginx -s reload
4. 编辑当前主题下的 functions.php 文件 HTTPS 相对链接替换 —— 必须,同时支持http和https协议访问
//WordPress SSL
function deaboway_ssl(){
	if( is_ssl() ){
		function deaboway_ssl_main ($content){
			$siteurl = get_option('siteurl');
			$upload_dir = wp_upload_dir();
			$content = str_replace( 'http:'.strstr($siteurl, '//'), strstr($siteurl, '//'), $content);
			$content = str_replace( 'http:'.strstr($upload_dir['baseurl'], '//'), strstr($upload_dir['baseurl'], '//'), $content);
			return $content;
		}
		ob_start("deaboway_ssl_main");
	}
}
add_filter('get_header', 'deaboway_ssl');
5. 由于我使用了cloudflare cdn,需要将ssl改成full模式 —— 根据实际使用的cdn的情况确定

欢迎关注我的微信公众号:

 

如无特殊说明,文章均为本站原创,转载请注明出处!

发表回复

您的电子邮箱地址不会被公开。