[BUG] pjax设置会与强制HTTPS冲突，因为XMLHttpRequest导致的block:mixed-content

EvanNotFound / hexo-theme-redefine

Simplicity in Speed, Purity in Design. Redefine Your Hexo Journey.

https://redefine.ohevan.com

GNU General Public License v3.0

1.48k stars 125 forks source link

[BUG] pjax设置会与强制HTTPS冲突，因为XMLHttpRequest导致的block:mixed-content #85

Closed 2nfree closed 1 year ago

2nfree commented 1 year ago

提交前检查单

[x] 已经尝试执行 hexo clean，问题仍然存在

Bug 描述 控制台出现报错，导致菜单无法跳转 The page at 'https://xxxx' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://xxxx/xxx'. This request has been blocked; the content must be served over HTTPS.

复现方法 Github Pages设置域名，使用CloudFlare托管项目并开启强制HTTPS，pjax设置

pjax:
  enable: true

访问网站，点击网站菜单栏无法跳转，控制台报错 The page at 'https://xxxx' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://xxxx'. This request has been blocked; the content must be served over HTTPS. 造成部分页面跳转错误，关闭该设置回恢复正常

预期结果 强制HTTPS不会因为XMLHttpRequest导致页面跳转错误

电脑（请填写以下信息）：

操作系统：Ubuntu
浏览器 Chrome

其他偶然发现不知道算不算是BUG

EvanNotFound commented 1 year ago

请确认目标页面没有包含使用 http 连接的图片或文件，应该不是主题问题

2nfree commented 1 year ago

请确认目标页面没有包含使用 http 连接的图片或文件，应该不是主题问题

没有http的图片或者文件，受到影响的只有菜单栏无法跳转，是不是主题问题不太确定，但是关闭了pjax确实就好了

EvanNotFound commented 1 year ago

有网站链接吗，发来看看

2nfree commented 1 year ago

https://blog.2nfree.com

EvanNotFound commented 1 year ago

请查看 _config.yml 和 _config.redefine.yml，确保里面的 url 选项都加上了 https:// 前缀

如图

On Mar 3, 2023, at 1:53 AM, komorebi @.***> wrote:

https://blog.2nfree.com https://blog.2nfree.com/ — Reply to this email directly, view it on GitHub https://github.com/EvanNotFound/hexo-theme-redefine/issues/85#issuecomment-1453062648, or unsubscribe https://github.com/notifications/unsubscribe-auth/AQLJVGDD64X4Y4X5HI3SVVDW2GIOBANCNFSM6AAAAAAVNMZPIQ. You are receiving this because you commented.

2nfree commented 1 year ago

请查看 _config.yml 和 _config.redefine.yml，确保里面的 url 选项都加上了 https:// 前缀如图 … On Mar 3, 2023, at 1:53 AM, komorebi @.***> wrote: https://blog.2nfree.com https://blog.2nfree.com/ — Reply to this email directly, view it on GitHub <#85 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AQLJVGDD64X4Y4X5HI3SVVDW2GIOBANCNFSM6AAAAAAVNMZPIQ. You are receiving this because you commented.

图我这边好像看不到，我确定配置中都是https的配置，https://github.com/2nfree/2nfree-blog 我的仓库是开放出来的

EvanNotFound commented 1 year ago

好的我看看

EvanNotFound commented 1 year ago

用github pages托管的吗，请看看有没有开启 enforce https https://docs.github.com/en/pages/getting-started-with-github-pages/securing-your-github-pages-site-with-https

2nfree commented 1 year ago

好像设置了自定义域后这个选项就无法开启了，关闭自定义域是可以开启的，访问也确实正常了

2nfree commented 1 year ago

解决了，我在cloudflare中开启了强制HTTPS就好了，感谢大佬

EvanNotFound commented 1 year ago

好的，有什么其他问题欢迎提issue，Redefine v1.1.6 发布了，可以更新一下，console就不会报错 aplayer 了

2nfree commented 1 year ago

好的，有什么其他问题欢迎提issue，Redefine v1.1.6 发布了，可以更新一下，console就不会报错 aplayer 了

好的