什么触发“Internet Explorer 已修改此页面以帮助防止跨站点脚本。”?
[英]What triggers "Internet Explorer has modified this page to help prevent cross-site scripting."?
问题描述
I'm trying to implement a workaround for missing CORS functionality in Internet Explorer.
我正在尝试针对 Internet Explorer 中缺少 CORS 功能实施解决方法。 For GET requests I use JSONP, no problem here.对于 GET 请求我使用 JSONP,这里没问题。 For small POST/DELETE/PUT requests I also use JSONP by tunneling the requests through GET but this does not work for larger requests (Because the length of the GET URL is limited).对于小型 POST/DELETE/PUT 请求,我还通过 GET 隧道化请求来使用 JSONP,但这不适用于较大的请求(因为 GET URL 的长度是有限的)。 So for large data I try to implement a form POST via an iframe.因此,对于大数据,我尝试通过 iframe 实现表单 POST。 I can't read the response from this POST because of the same-origin policy so I fetch the response via a JSONP GET request after posting the data.由于同源策略,我无法读取此 POST 的响应,因此我在发布数据后通过 JSONP GET 请求获取响应。 Works great but sometimes I get a strange warning in IE 9:效果很好,但有时我会在 IE 9 中收到一个奇怪的警告:
Internet Explorer has modified this page to help prevent cross-site scripting.
First I wondered what the hell IE is doing there because even when this warning appears everything still works correctly.首先,我想知道 IE 到底在做什么,因为即使出现此警告,一切仍然正常。 Then I found out that IE replaces the content of the hidden iframe AFTER the POST answer (which I can't read and need anyway) with a "#" character.然后我发现 IE 用“#”字符替换了 POST 答案(我无法阅读和需要)之后隐藏的 iframe 的内容。
So my workaround still works even when this warning appears but I would like to know what exactly triggers this warning so maybe I can modify my CORS workaround to get rid of this warning.因此,即使出现此警告,我的解决方法仍然有效,但我想知道究竟是什么触发了此警告,因此也许我可以修改我的 CORS 解决方法以消除此警告。 Any hints?有什么提示吗?
1 个解决方案
解决方案1
9 已采纳 2012-06-16 15:55:20
You can configure the X-XSS-Protection header on your server.您可以在服务器上配置X-XSS-Protection标头。 This will tell IE to disable XSS protection on your site.这将告诉 IE 在您的网站上禁用 XSS 保护。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.