想要讓客戶用我們雲端的網頁服務(https)，抓取客戶端內網某 Ip 上的服務(http)。
When a user visits a page served over HTTPS, their connection with the web server is encrypted with TLS and is therefore safeguarded from most sniffers and man-in-the-middle attacks. An HTTPS page that includes content fetched using cleartext HTTP is called a mixed content page. Pages like this are only partially encrypted, leaving the unencrypted content accessible to sniffers and man-in-the-middle attackers. That leaves the pages unsafe.
- 再起一個 localhost service 打內網的 IP
- 讓雲端的服務直接吃 localhost service
localhost 免搶可以視為是安全的拉 ＸＤＤ
Locally-delivered resources such as those with http://127.0.0.1 URLs, http://localhost and http://*.localhost URLs (e.g. http://dev.whatever.localhost/), and file:// URLs are also considered to have been delivered securely.
... user agents MAY treat localhost names as having potentially trustworthy origins ...
- potentially trustworthy
爽！ 長知識就是開心 ：）