混合内容问题

在您的网站上打开 Chrome DevTools (

F12

)，然后转到 Console 选项卡。特别查找有关混合内容的警告或错误。这些错误将指示 HTTPS 页面上正在加载哪些 HTTP 资源。

• 如果列出了任何 HTTP URL，请尝试在浏览器中直接通过 HTTPS 访问这些 URL。如果有效，请手动更新代码并替换为 https://。

from fastapi.middleware.cors import CORSMiddleware

app.add_middleware(
    CORSMiddleware,
    allow_origins=["https://your-vercel-domain.com"],
    allow_methods=["GET", "POST", "OPTIONS"],
    allow_headers=["Content-Type", "Authorization"],
)

• 您添加的 CSP 标头应有助于阻止或升级混合内容。

尝试此 CSP 规则 -

response.headers["Content-Security-Policy"] = "default-src 'self' https:; upgrade-insecure-requests; block-all-mixed-content" 

- 此 cmd 允许来自站点和安全源的内容

日志：

[INFO] Starting application...
[INFO] Connection to FastAPI backend established successfully via HTTPS.
[INFO] WebSocket connection initialized with Azure WebPubSub via wss://your-webpubsub-endpoint.
[INFO] Chat message sent successfully to backend: "Hello!"
[INFO] Object detection request sent to backend.
[INFO] Received response from backend for object detection.
[INFO] CSP: All resources loaded securely.
[INFO] All external resources loaded over HTTPS.

网络表：