๐Ÿ”€
blog.cat.ssl

Mixed content xatosi: HTTPS sahifada HTTP

02.05.2025
โ† Barcha maqolalar

HTTPS sahifa lekin ichida HTTP resurs (rasm, CSS, JS, iframe) โ€” brauzer 'Mixed Content' xatosi bilan ogohlantirib boshlaydi. Yopiq qulflar yo'q.

Sababi

Sayt HTTPS'ga ko'chirilgan, lekin kontentdagi link'lar va resurs yo'llari http:// bilan boshlangan. Misol: <img src='http://...' > HTTPS sahifasida.

2 turli

1) Passive Mixed Content โ€” rasm, video, audio. Brauzer ko'rsatadi lekin qulflar yo'q. 2) Active Mixed Content โ€” JS, CSS, iframe. Brauzer butunlay yuklamaydi (xavfsizlik).

Tuzatish

Avtomatik almashtirish: SQL bilan DB ichida 'http://sayt.uz' โ†’ 'https://sayt.uz'. Yoki '//' qoldirish (protocol-relative) โ€” har xil protokollarga moslashadi.

Misol

Avval: <img src='http://sayt.uz/logo.png' >
Tuzatish: <img src='https://sayt.uz/logo.png' >
Yoki: <img src='//sayt.uz/logo.png' >

Content Security Policy

HTTP header: Content-Security-Policy: upgrade-insecure-requests. Brauzer avtomatik http:// โ†’ https:// almashtirib oladi.

Topish vositalari

1) Chrome DevTools โ†’ Console โ€” Mixed Content xatolar qizil. 2) whynopadlock.com โ€” onlayn skaner. 3) WordPress Search & Replace plugin.

WordPress maxsus

Better Search Replace plagini bilan DB'da http โ†’ https almashtirish. WP-CLI: wp search-replace 'http://site.uz' 'https://site.uz'.

Sayt.uz'da

HTTPS standart, mixed content yo'q. Lekin foydalanuvchi qo'shgan iframe yoki tashqi link โ€” tekshirish kerak.

O'xshash maqolalar

๐Ÿ“ฑ SSL pinning: mobil ilovalarda MITM hujumlardan himoyaning eng samarali usuli ๐Ÿค SSL handshake jarayoni: TLS muloqotining ichki mexanikasi va bosqichlari ๐Ÿ”“ HTTPS yashil qulf yo'qoldi: sabablar ro'yxati va bosqichma-bosqich tuzatish โฐ SSL sertifikat muddatini kuzatish: monitoring tizimlari va ogohlantirish xizmatlari
๐ŸŒ Til
๐Ÿ‡บ๐Ÿ‡ฟ O'zbek โœ“ ๐Ÿ‡บ๐Ÿ‡ฟ ะŽะทะฑะตะบ ๐Ÿ‡ท๐Ÿ‡บ ะ ัƒััะบะธะน ๐Ÿ‡ฌ๐Ÿ‡ง English