糟糕:Google Chrome 說你的網站圖片有安全漏洞

紅寶鐵軌客
Join to follow...
Follow/Unfollow Writer: 紅寶鐵軌客
By following, you’ll receive notifications when this author publishes new articles.
Don't wait! Sign up to follow this writer.
WriterShelf is a privacy-oriented writing platform. Unleash the power of your voice. It's free!
Sign up. Join WriterShelf now! Already a member. Login to WriterShelf.
寫程式中、折磨中、享受中 ......
1.11K   0  
·
2017/05/27
·
2 mins read


Google 最近開始嚴厲管控沒有使用SSL加密的HTTP了,簡單來說,就是,任何沒有使用HTTPS的網站,基本上都不讓使用者連上了,我想大家經過了這幾年,SSL 也有些免費的服務後,應該用SSL加密網站沒有太多問題了,但是,最近,Google 又開始加強管控網站內的內容了,幾本上:

  • 內有非HTTPS的連結
  • 內有非HTTPS的圖片連結

都會看到類似這樣的警告!:

Chome的圖片安全漏洞警告

 

如果你的網站內容全部都是自己控管的,那問題不大,但是,如果網站的內容圖片不一定,那就問題大了,有時候,光找到是那個討厭鬼,都是麻煩,還好,Chrome 有幫一點忙,你只要打開“開發人員工具”,點開Console,他就會把那隻討厭的圖找出來,顯示像這樣:

Mixed Content: The page at 'https://www.xxx.xxx/xxx.xxx' was loaded over HTTPS, but requested an 
insecure image 'http://no.secure.cc/123456.jpg'. This content should also be served over HTTPS.

 

能找到,又怎樣?使用者就是連結了,接下來就要看你決定怎麼處理這個“憯在危機”了,基本上,不是每個圖都是病毒,但是有可能,反正,你能處理的方式,不外乎,顯示,不顯示,以下是我用來判斷是不是HTTPS的方法,希望有幫助了:

 

有碼最好懂,所以一樣,放碼出來

<% doc = Nokogiri::HTML(blog.content) %>
<% @img = doc.at_css("img") %>
<% if (@img != nil) %>
  <% @img = @img.attr('src') %>
  <%-# block display none https/data image to avoid google insecure warning %>
  <% @img_scheme = URI(@img).scheme %>
  <% if (@img_scheme == "https") || (@img_scheme == "data") %>
    <%= link_to( image_tag(@img), blog_path(:id => blog.id)) %>
  <% end %>
<% end %>

 

結論,自己決定,要不要讓這些圖見世面,但至少還不用花太多server loading去處理它。


WriterShelf™ is a unique multiple pen name blogging and forum platform. Protect relationships and your privacy. Take your writing in new directions. ** Join WriterShelf**
WriterShelf™ is an open writing platform. The views, information and opinions in this article are those of the author.


Article info

Categories:
Tags:
Date:
Published: 2017/05/27 - Updated: 2017/10/27
Total: 449 words


Share this article:
About the Author

很久以前就是個「寫程式的」,其實,什麼程式都不熟⋯⋯
就,這會一點點,那會一點點⋯⋯




Join the discussion now!
Don't wait! Sign up to join the discussion.
WriterShelf is a privacy-oriented writing platform. Unleash the power of your voice. It's free!
Sign up. Join WriterShelf now! Already a member. Login to WriterShelf.