Which instructs the browser to automatically upgrade any HTTP request to HTTPS.
Upgrading insecure requests
You can enable this behavior either by sending a Content-Security-Policy header with this directive:
|
|
Or by embedding that same directive inline in the document’s section using a element:
|
|
It is worth noting, that if the resource is not available over HTTPS, the upgraded request fails and the resource is not loaded. This maintains the security of your page.
Refer: https://goo.gl/eiWbpH
近期评论