我有真正需要的是HTTPS Ajax调用。但是，页，它正在从称为是http。浏览器抱怨限制URI否认，presumably由于同源策略。是否有任何已知的解决方法呢？

I have an ajax call that really needs to be https. However, the page that it is being called from is http. The browser complains about restricted URI denied, presumably due to the same origin policy. Are there any known workaround for this?

推荐答案

是的，这是同源策略阻止你。你必须使用相同的解决方法为跨域请求。

Yes, that's same-origin policy stopping you. You have to use same workarounds as for cross-domain requests.

从非安全网站请求是不安全的，即使你正在做的请求HTTPS URL中（因为MITM攻击可以以http全部替换https开头），那么你应该考虑使用HTTPS整个页面。

Requests from non-secure website are not secure, even if you're making requests to HTTPS URLs (because MITM attack can replace all "https" with "http"), so you should consider using HTTPS for the whole page.