XMLHttpRequest在Chrome中进行安全检查时无法加载本地资源。

huangapple go评论92阅读模式
英文:

XMLHttpRequest cannot load localhost resource with security check is Chrome

问题

我在 OS X 10.11.4 上运行的 Chrome 版本是 49.0.2623.108(64 位)。

从终端运行以下命令:

> ls /tmp
wtf.jpg

> ps -ef | grep -i chrome | grep -v grep
<空行>

退出 Chrome 后,确保没有任何实例仍在运行。

然后我使用以下参数打开 Chrome,以跳过跨域检查:

> open /Applications/Google\ Chrome.app/ --args --allow-file-access-from-files"

我还尝试了:

> open /Applications/Google\ Chrome.app/ --args --disable-web-security"

现在,我运行了一个简单的 Go 服务器:

package main

import "net/http"

func main() {
    panic(http.ListenAndServe(":8080", http.FileServer(http.Dir("/tmp"))))
}

最后,我将 Chrome 指向了 /tmp 中包含以下脚本的本地 HTML5 页面:

var req = new XMLHttpRequest();
req.open('GET', "localhost:8080/wtf.jpg");
req.onload = function() { 
  console.log("succeeded");
};
req.onerror = function() {
  Error("Network Error");
};
req.send();

最终出现以下错误:

> XMLHttpRequest 无法加载 localhost:8080/wtf.jpg。跨域请求仅支持以下协议方案:http、data、chrome、chrome-extension、https、chrome-extension-resource。

有没有办法解决这个问题?

英文:

I have Chrome Version 49.0.2623.108 (64-bit) running on OS X 10.11.4.

From the Terminal:

I ran:

&gt; ls /tmp
  wtf.jpg

&gt; ps -ef | grep -i chrome | grep -v grep
  &lt;empty line&gt;

After quitting Chrome, just making sure no instances is still running.

Then I open Chrome with the following argument to skip cross origin check:

&gt; open /Applications/Google\ Chrome.app/ --args --allow-file-access-from-files&quot;

I also tried:

&gt; open /Applications/Google\ Chrome.app/ --args --disable-web-security&quot;

Now, I run the trivial go server:

package main

import &quot;net/http&quot;

func main() {
	panic(http.ListenAndServe(&quot;:8080&quot;, http.FileServer(http.Dir(&quot;/tmp&quot;))))
}

Then finally, I point Chrome to a local html5 page in /tmp containing this script:

var req = new XMLHttpRequest();
req.open(&#39;GET&#39;, &quot;localhost:8080/wtf.jpg&quot;);
req.onload = function() { 
  console.log(&quot;succeeded&quot;);
};
req.onerror = function() {
  Error(&quot;Network Error&quot;);
};
req.send();

To finish with this error:

> XMLHttpRequest cannot load localhost:8080/wtf.jpg. Cross origin
> requests are only supported for protocol schemes: http, data, chrome,
> chrome-extension, https, chrome-extension-resource.

Is there a way around this annoyance?

答案1

得分: 1

我通过更改两个地方解决了这个问题:

1)我将XMLHttpRequest.open中的不合格的“"localhost:8080/wtf.jpg"”更改为“"http://localhost:8080/wtf.jpg"”。这解决了Chrome的错误消息。

2)我更新了简单的Go服务器:

package main

import "net/http"

const PORT = ":8080"

func handler(w http.ResponseWriter, r *http.Request) {
    if r.Method == "OPTIONS" {
        w.Header().Set("Access-Control-Allow-Origin", "http://localhost"+PORT)
    } else {
        http.ServeFile(w, r, "wtf.html")
    }
}

func main() {
    panic(http.ListenAndServe(PORT, http.HandlerFunc(handler)))
}

这对于本地测试来说已经足够好了,但不适用于生产环境。

英文:

I solved this problem by changing two things:

  1. I changed the underqualified &quot;localhost:8080/wtf.jpg&quot; in my XMLHttpRequest.open to &quot;http://localhost:8080/wtf.jpg&quot;. That solved the Chrome error message.

  2. I updated my simplistic go server:

    package main

    import "net/http"

    const PORT = ":8080"

    func handler(w http.ResponseWriter, r *http.Request) {
    if r.Method == "OPTIONS" {
    w.Header().Set("Access-Control-Allow-Origin", "http://localhost"+PORT)
    } else {
    http.ServeFile(w, r, "wtf.html")
    }
    }

    func main() {
    panic(http.ListenAndServe(PORT, http.HandlerFunc(handler)))
    }

That's not safe for production but good enough for local testing.

huangapple
  • 本文由 发表于 2016年3月25日 12:48:52
  • 转载请务必保留本文链接:https://go.coder-hub.com/36214183.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定