如果访问的内容从http升级成了https那么下边放个是有效的
1.h5页面处理,增加meta(Chrome43.0支持 未验证)
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-
requests"/>
2.nginx在server下增加响应头
server{
add_header Content-Security-Policy "upgrade-insecure-requests;connect-src *";
}
3.php 增加响应头
header("Content-Security-Policy: upgrade-insecure-requests");
upgrade-insecure-requests 是CSP指令作用就是让浏览器自动升级请求从http到https,用于大量包含http资源的http网页直接升级到https。
