堆栈内存溢出
  简体   繁体   English

如何加载来源不同的 iFrame 资源?

[英]How do I load iFrame resources, that have a different origin?

 原文  2022-11-23 17:45:16       iframe/ same-origin-policy

问题描述

I'm working on a project, that uses a third-party ticketing product which provides iFrames as part of their service.我正在从事一个项目,该项目使用第三方票务产品,该产品提供 iFrame 作为其服务的一部分。 This product's admin portal provides the means to upload resources (css, js, fonts, etc), that are injected into the head of the generated iFrames.该产品的管理门户提供了上传资源(css、js、fonts 等)的方法,这些资源被注入生成的 iFrame 的头部。

However, I need to be able to style these iFrames and manually re-uploading the necessary resources, each time I want to test something, is obviously far from ideal.但是,我需要能够设置这些 iFrame 的样式并手动重新上传必要的资源,每次我想测试一些东西,显然远非理想。 I don't have full control of how these iFrames are generated;我无法完全控制这些 iFrame 的生成方式; I do, however, have the option to add custom inline resources into the document head .但是,我确实可以选择将自定义内联资源添加到文档head中。

The issue is, whenever I try and include a resource (usually hosted on a test domain), as it's not on the same domain as the iFrame itself, I get the error: Referrer Policy: strict-origin-when-cross-origin .问题是,每当我尝试包含资源(通常托管在测试域上)时,因为它与 iFrame 本身不在同一个域中,我都会收到错误消息: Referrer Policy: strict-origin-when-cross-origin

Is there any way that I can somehow inject/load a resource that bypasses this?有什么办法可以以某种方式注入/加载绕过它的资源吗?

1 个解决方案

解决方案1
 0  2022-11-23 18:18:12

I found a working answer on another post here .我在这里的另一篇文章中找到了有效的答案。 For clarity, here is what the post says at the time of writing:为清楚起见,以下是该帖子在撰写本文时所说的内容:

For windows users with Chrome Versions 60.0.3112.78 (the day the solution was tested and worked) and at least until today 19.01.2019 (ver. 71.0.3578.98) .对于windows Chrome 版本 60.0.3112.78 的用户(解决方案经过测试和工作的那天),至少到今天 19.01.2019(版本 71.0.3578.98) You do not need to close any chrome instance.不需要关闭任何 chrome 实例。

  1. Create a shortcut on your desktop在桌面上创建快捷方式
  2. Right-click on the shortcut and click Properties右键单击快捷方式,然后单击属性
  3. Edit the Target property编辑目标属性
  4. Set it to "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir="C:/ChromeDevSession"将其设置为“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” --disable-web-security --user-data-dir="C:/ChromeDevSession"
  5. Start chrome and ignore the message that says --disable-web-security is not supported!启动 chrome 并忽略显示 --disable-web-security 不受支持的消息!

BEWARE NOT TO USE THIS PARTICULAR BROWSER INSTANCE FOR BROWSING BECAUSE YOU CAN BE HACKED WITH IT!请注意不要使用这个特定的浏览器实例进行浏览,因为您可能会被黑客入侵!

I can confirm that this method still works now using version 106.0.5249.119 (Official Build) (64-bit).我可以确认此方法现在使用版本 106.0.5249.119(官方构建)(64 位)仍然有效。 I also had to change the file path slightly to C:\Program Files\Google...我还必须将文件路径稍微更改为C:\Program Files\Google...

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何区分来源相同的iframe和来源不同的iframe - How to distinguish an iframe with the same origin from iframe with different origin 我在同一页面上有两个iframe,但加载时间不同 - I have two iframe on same page but it load in different time duration 如何将视图(cshtml)加载到iframe中? - how do i load a view(cshtml) into an iframe? 如何使用 Jquery 在 iframe 中加载 url - How do I load an url in iframe with Jquery 如何将ERB加载到iframe中? - How do I load ERB into an iframe? 如何在我自己的域中对iframe实施相同的原始政策iframe限制? - How do I enforce same origin policy iframe restrictions on an iframe in my own domain? 如何分配不同的按钮以在iframe中加载其他网址? - How can I assign different buttons to load a different URL in an iframe? 如何加载 iframe 中文本框中指定的 URL? - How do I load a URL specified in a textbox in an iframe? 如何在iframe中将新页面加载到浏览器中? - How do I load a new page in the browser from within an iframe? 如何访问没有 ID、名称或 class 的 iframe - How do I access the iframe that does not have an id, name or class
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM