I have changed my site to HTTPS, but I used a CDN for static files in the code. It doesn't work, and the Chrome console shows errors like this:
Mixed Content: The page at 'https://a.example.com/static/' was loaded over HTTPS, but requested an insecure stylesheet 'http://cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap.min.css'. This request has been blocked; the content must be served over HTTPS.
I have added add_header Content-Security-Policy upgrade-insecure-requests; to the nginx configuration file like this:

    server {
        listen 80;
        listen 443;
        server_name a.example.com;
        add_header Content-Security-Policy upgrade-insecure-requests;
        if ($scheme != "https") {
            return 301 https://$server_name$request_uri;
            #rewrite ^ https://$server_name$request_uri? permanent;
        }
        ssl on;
        ssl_certificate /etc/nginx/ssl/example.crt;
        ssl_certificate_key /etc/nginx/ssl/example.key;
        ssl_session_timeout 5m;
        ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
        ssl_prefer_server_ciphers on;
        gzip on;
        gzip_proxied any;
        gzip_types text/plain application/xml application/json;
        client_max_body_size 8M;
        access_log /var/log/nginx/example.log;
        location / {
            proxy_pass http://10.10.10.110:5000;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
        }
        location ^~ /static/ {
            proxy_pass http://10.10.10.110:8888;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            #proxy_set_header Content-Security-Policy upgrade-insecure-requests;
        }
    }

But it doesn't work yet! Can someone tell me how to fix this? thx :)
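
A diagnostic for the situation described above, added here as an example and not part of the original question: given a saved copy of the HTTPS page and its response headers, it lists the subresources still referenced over plain http and reports whether an upgrade-insecure-requests directive actually reached the browser, by header or by meta tag. The names `audit`, `PageScan` and `directive_names` are hypothetical, and the sample HTML is constructed around the URL from the console error.

```python
from html.parser import HTMLParser

# Attribute that holds the fetched URL for each subresource tag.
URL_ATTR = {"script": "src", "img": "src", "iframe": "src", "audio": "src",
            "video": "src", "source": "src", "link": "href"}
# <link> only triggers a fetch for these rel values.
FETCHING_RELS = {"stylesheet", "icon", "preload", "prefetch", "modulepreload"}

def directive_names(policy):
    """Lower-cased directive names of one CSP string."""
    return {part.split()[0].lower() for part in policy.split(";") if part.split()}

class PageScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.insecure = []      # (tag, url) pairs referenced over plain http
        self.meta_csp = set()   # directives delivered via <meta http-equiv>

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "content-security-policy":
            self.meta_csp |= directive_names(a.get("content", ""))
        attr = URL_ATTR.get(tag)
        if attr is None:
            return
        if tag == "link" and not FETCHING_RELS & set(a.get("rel", "").lower().split()):
            return  # e.g. rel=canonical is never fetched
        url = a.get(attr, "").strip()
        if url.lower().startswith("http://"):
            self.insecure.append((tag, url))

def audit(html, headers):
    """headers: list of (name, value) pairs from the HTTPS response."""
    scan = PageScan()
    scan.feed(html)
    names = set(scan.meta_csp)
    for name, value in headers:
        if name.lower() == "content-security-policy":
            names |= directive_names(value)
    return {"insecure": scan.insecure,
            "upgrade_directive": "upgrade-insecure-requests" in names}

# Constructed sample page; the stylesheet URL is the one from the console error.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap.min.css">
<script src="https://a.example.com/static/app.js"></script>
</head><body><a href="http://example.org/">plain link, not a subresource</a></body></html>"""

if __name__ == "__main__":
    print(audit(SAMPLE_HTML, [("Content-Type", "text/html")]))
```

Feed it the body and headers exactly as the browser received them for the page named in the console error, since a header configured in nginx is only useful if it appears on that response.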