堆栈内存溢出
  简体   繁体   English

如何让谷歌浏览器允许 CORS?

[英]How do I make Google Chrome allow CORS?

 原文  2021-02-25 13:32:26       mixed-content

问题描述

I have the following code on a (IIS) server as test1.htm.我在(IIS)服务器上有以下代码作为test1.htm。 

 <script> request = new XMLHttpRequest(); request.open("GET", "http://192.168.1.102/test2.htm", false); request.send(); alert(request.response); </script>

The file test2.htm just contains some simple text, "Hello World".文件 test2.htm 只包含一些简单的文本,“Hello World”。 When I navigate Chrome to test1.htm using HTTP, to no surprise I get an alert popup saying, Hello World.当我使用 HTTP 将 Chrome 导航到 test1.htm 时,不出所料,我收到一个警报弹出窗口,说 Hello World。 Life is good.生活很好。

However, when I change HTTP to HTTPS for test1.htm, the request to test2.htm initiates a cross-domain violation, which it should.但是,当我将 test1.htm 的 HTTP 更改为 HTTPS 时,对 test2.htm 的请求会引发跨域违规,这是应该的。

But, I do have an extension named, "Allow CORS: Access-Control-Allow-Origin" installed and turned on.但是,我确实安装并打开了一个名为“允许 CORS:Access-Control-Allow-Origin”的扩展。 I'm new to CORS, but my understanding is that Chrome should now initiate a CORS process, perhaps a pre-flight check?我是 CORS 的新手,但我的理解是 Chrome 现在应该启动 CORS 进程,也许是飞行前检查? I see nothing.我什么也没看见。

Using the F12 debugger tool, I see that the request for test2.htm is flagged in red and its status marked as "blocked: mixed content", which is what I would expect if I did NOT have the CORS extension.使用 F12 调试器工具,我看到对 test2.htm 的请求标记为红色,并且其状态标记为“已阻止:混合内容”,如果我没有 CORS 扩展名,这是我所期望的。 But I do...但是我愿意...

What am I missing?我错过了什么?

Thanks!谢谢! Curt生硬

Update: I'm using Chrome version 88.0.4324.190 under Windows 10.更新:我在 Windows 10 下使用 Chrome 版本 88.0.4324.190。

1 个解决方案

解决方案1
 0  2021-03-01 13:08:52

As it turns out that example doesn't just create a cross-domain violation;事实证明,该示例不仅会造成跨域违规; it also creates a mixed-content violation.它还会造成混合内容违规。 That is, mixing http with https.也就是说,将 http 与 https 混合。 It's also known as insecure content for which there's a site-specific setting within Chrome.它也被称为不安全的内容,在 Chrome 中有一个特定于站点的设置。 Once that is set, the browser then allows the http request, but then expects a "simple" CORS response.一旦设置好,浏览器就会允许 http 请求,但随后会期待“简单”的 CORS 响应。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何获得最新的Chrome(第55版)以允许混合内容? - How to get Latest Chrome (Version 55) to allow mixed content? HTTPS上的Google Chrome混合内容错误 - Google Chrome mixed-content error on HTTPS 为什么谷歌浏览器上的混合内容不起作用 - Why is mixed content on google chrome not working 对于Chrome扩展程序,从https站点调用http站点时出现错误 - For Chrome extension, I get error when calling http site from https site 如何使 Websocket 连接与 HTTPS / TLS 一起工作? - How to make Websocket connection working with HTTPS / TLS? 允许在 iframe 中混合内容 - Allow mixed content inside iframe 不允许 Firefox 中的混合内容 - Cannot allow mixed content in Firefox 允许/激活浏览器中的混合内容 - Allow/activate mixed content in Browser Axios CORS / Preflight无法使用Laravel 5.4 API调用 - Axios CORS/Preflight failing with Laravel 5.4 API call CORS 问题使用 jquery-rss 解析 XML - CORS Issue Using jquery-rss to Parse XML
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM