未捕获的 DOMException:无法从“CSSStyleSheet”读取“规则”属性
[英]Uncaught DOMException: Failed to read the 'rules' property from 'CSSStyleSheet'
问题描述
In Code.org's App Lab editor, we recently started seeing this error in Chrome 64:
在 Code.org 的 App Lab 编辑器中,我们最近开始在 Chrome 64 中看到此错误:
Uncaught DOMException: Failed to read the 'rules' property from 'CSSStyleSheet'
The error is thrown in this function designed to detect whether CSS media queries are being used by the browser, on the line that includes styleSheets[i].cssRules .在此函数中抛出错误,该函数旨在检测浏览器是否正在使用 CSS 媒体查询,在包含styleSheets[i].cssRules 。
/** * IE9 throws an exception when trying to access the media field of a stylesheet */ export function browserSupportsCssMedia() { var styleSheets = document.styleSheets; for (var i = 0; i < styleSheets.length; i++) { var rules = styleSheets[i].cssRules || styleSheets[i].rules; try { if (rules.length > 0) { // see if we can access media rules[0].media; } } catch (e) { return false; } } return true; }
The problem has been seen on Windows, OSX, Ubuntu, and ChromeOS;该问题已在 Windows、OSX、Ubuntu 和 ChromeOS 上出现; on Chrome versions 64.0.3282.167 and 64.0.3282.186.在 Chrome 版本 64.0.3282.167 和 64.0.3282.186 上。 However, we've also seen this problem not happen on exactly the same Chrome version and platform - and we don't seem to be able to reproduce the problem in an incognito window.但是,我们也发现此问题不会在完全相同的 Chrome 版本和平台上发生 - 我们似乎无法在隐身窗口中重现该问题。
What is the root cause of this error?此错误的根本原因是什么?
3 个解决方案
解决方案1
18 已采纳 2018-03-07 21:24:55
This was a good story and a new 'gotcha' for web developers, so I just had to share:这是一个好故事,也是 Web 开发人员的新“陷阱”,所以我只需要分享:
Chrome 64.0.3282.0 (released January 2018, full change list ) introduced a change to security rules for stylesheets. Chrome 64.0.3282.0(2018 年 1 月发布, 完整更改列表)引入了对样式表安全规则的更改。 I'm irritated that I couldn't find this change in any changelog less detailed than the full commit list.我很恼火,我无法在任何比完整提交列表更详细的变更日志中找到此更改。
Commit a4ebe08 in Chromium is described:在 Chromium 中提交a4ebe08描述如下:
Update behavior of CSSStyleSheet to match spec for Security origin
Spec is here: https://www.w3.org/TR/cssom-1/#the-cssstylesheet-interface
Updated: the following methods now throw a SecurityError if the style sheet is not accessible:
- cssRules() / rules()
- insertRule()
- deleteRule()
This commit is a fix for the bug Security: Inconsistent CORS implementation regarding CSS and the link element.此提交是对错误安全性的修复:关于 CSS 和链接元素的 CORS 实现不一致。 The linked W3C spec describes in detail where use of the CSS Object Model requires same-origin access.链接的 W3C 规范详细描述了使用 CSS 对象模型需要同源访问的地方。
All that said, why was this issue showing up in App Lab?说了这么多,为什么这个问题会出现在 App Lab 中? We shouldn't experience any CORS issues, because we only load stylesheets from our own origin:我们不应该遇到任何 CORS 问题,因为我们只从我们自己的来源加载样式表:
The final clue was that we couldn't reproduce this issue in a private tab.最后的线索是我们无法在私人标签中重现这个问题。 We started looking at Chrome extensions and realized that some affected users had the Loom Video Recorder extension enabled, which seems to inject its own CSS into the page.我们开始研究 Chrome 扩展,并意识到一些受影响的用户启用了Loom Video Recorder扩展,这似乎将自己的 CSS 注入页面。 Since our (naïve) function was iterating through all loaded stylesheets, it was attempting to access this stylesheet injected by the extension and thus causing the CORS error.由于我们的 (naïve) 函数正在遍历所有加载的样式表,因此它试图访问由扩展注入的这个样式表,从而导致 CORS 错误。
That said, there's still some open issues and debate around this change in Chrome:也就是说,围绕 Chrome 中的这一变化仍然存在一些悬而未决的问题和争论:
- This comment on the original security bug complains that the only way now to detect that the stylesheet is not accessible from JavaScript is with a
try/catch.这个关于原始安全漏洞的评论抱怨现在检测样式表无法从 JavaScript 访问的唯一方法是使用try/catch。 - A Chromium bug opened January 23rd ( document.styleSheets.cssRules is null even with Access-Control-Allow-Origin: * ) suggests there may be an implementation issue with the new security rule that breaks certain workarounds. 1 月 23 日打开的 Chromium 错误( document.styleSheets.cssRules 为 null 即使使用 Access-Control-Allow-Origin: * )表明新安全规则可能存在实施问题,从而破坏了某些解决方法。
- The spec being implemented seems pretty stable, but it still has "Working Draft" status so who knows where it will land and what other browsers will implement.正在实施的规范似乎非常稳定,但它仍然处于“工作草案”状态,因此谁知道它将在哪里落地以及其他浏览器将实施什么。
To fix our problem, we just tore out the entire function.为了解决我们的问题,我们只是撕掉了整个函数。 We don't support IE9 anymore, and we know all of our supported browsers handle media queries properly.我们不再支持 IE9,而且我们知道我们支持的所有浏览器都能正确处理媒体查询。
Related (but not quite duplicate) questions:相关(但不完全重复)问题:
解决方案2
3 2018-10-05 21:22:11
In case anyone else has this issue related to the Cross-Origin Resource Sharing (CORS) policy it is discussed here: https://github.com/Modernizr/Modernizr/issues/2296如果其他人遇到与跨源资源共享 (CORS) 政策相关的问题,请在此处讨论: https : //github.com/Modernizr/Modernizr/issues/2296
You will have to test using a local host: https://developer.mozilla.org/en-US/docs/Learn/Common_questions/set_up_a_local_testing_server您必须使用本地主机进行测试: https : //developer.mozilla.org/en-US/docs/Learn/Common_questions/set_up_a_local_testing_server
Here is the workaround a "try/catch" method:这是“try/catch”方法的解决方法:
try { var classes = stylesheets[s].rules || stylesheets[s].cssRules; } catch (e) { console.warn("Can't read the css rules of: " + stylesheets[s].href, e); continue }
Had this issue and was racking my brain and this seemed to work...Good luck!遇到了这个问题并且绞尽脑汁,这似乎有效......祝你好运!
解决方案3
0 2020-03-11 16:21:40
For me works to move the css link href from header to body tag ending.对我来说,将 css 链接 href 从标题移动到正文标记结尾。
<link rel="stylesheet" href=".....">
</body>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.