堆栈内存溢出
  简体   繁体   English

相同的原始政策,谷歌浏览器,画布和文件://方案

[英]Same origin policy, google chrome, canvas and file:// scheme

 原文  2012-09-25 17:01:35       javascript/ html5/ google-chrome/ cross-domain

问题描述

When trying to read image data from a canvas which was painted an image upon beforehand, Google Chrome raises a cross origin exception (complaining about the canvas being "tainted"). 当尝试从预先绘制图像的画布上读取图像数据时,谷歌浏览器引发了一个交叉起源异常(抱怨画布被“污染”)。 The directory structure is as follows. 目录结构如下。 

/html/base/path
|-- index.html         contains the canvas element, references the script.js
|-- script.js          loads imgs/images.jpg, paints and queries the canvas
`-- imgs/image.jpg

The error occurs only when the page was loaded by the file:// scheme. 仅当页面由file:// scheme加载时才会发生错误。

I wonder whether this is a Chrome bug. 我想知道这是否是一个Chrome bug。 If not, which rules do apply? 如果不是,哪些规则适用? Are there any workarounds? 有没有解决方法?

Unfortunately, off-line viewing is the ultimate use case, so 不幸的是,离线观看是最终的用例,所以

  • the file:// scheme is indispensable file:// scheme是必不可少的
  • there is no control over browser settings at the target system. 无法控制目标系统上的浏览器设置。

3 个解决方案

解决方案1
 3  2012-09-25 17:03:14

Files loaded with file:// are always considered as coming from different domains, this is a feature you can't bypass. 使用file://加载的file://始终被视为来自不同的域,这是您无法绕过的功能。

From the HTML5 spec's definition of Origin : HTML5规范的Origin定义

If a Document was obtained in some other manner (eg a data: URL typed in by the user, a Document created using the createDocument() API, etc) The origin is a globally unique identifier assigned when the Document is created. 如果以某种其他方式获取文档(例如,数据:用户键入的URL,使用createDocument()API创建的文档等)原点是在创建文档时分配的全局唯一标识符。

You can display but you can't analyze or change data read from another file if the loading protocol is file: . 您可以显示但如果加载协议是file:则无法分析或更改从另一个文件读取的数据file:

What I would probably do in your situation (if I understand it correctly from your comments) : I would write a tiny program, that could be released in the external storage media, which would both start an http server and launch a web browser. 在你的情况下可能会做什么(如果我从你的评论中正确理解的话):我会写一个小程序,可以在外部存储介质中发布,这将启动一个http服务器并启动一个Web浏览器。 I would do it in Go (simple to make an http server in two or three lines, native compilation for linux, Mac and Windows, enabling you to provide all needed executables) but other languages can be used too. 会在Go(简单地用两行或三行制作一个http服务器,用于linux,Mac和Windows的原生编译,使你能够提供所有需要的可执行文件)中做到这一点,但也可以使用其他语言。

解决方案2
 3  2012-09-25 17:24:57

Give them instructions for them to start up chrome with the flag --allow-file-access-from-files . 给他们指示他们用标志--allow-file-access-from-files启动chrome。

Other than that, they would need to run a local server instance to avoid the errors. 除此之外,他们需要运行本地服务器实例以避免错误。

解决方案3
 1  2013-10-20 21:31:02

It's a new Chromium security policy in practice. 这是实践中新的Chromium安全策略。 You can't do anything except disabling this policy as stated above by epascarello. 除了epascarello上面所述禁用此政策外,您无法执行任何操作。 Star this bug , they were kind of wishing to loosen this rule. 明星这个错误 ,他们有点希望放松这个规则。

Check this answer also. 也请检查这个答案。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Google Chrome浏览器,同源策略杀死Tampermonkey脚本 - Google Chrome, Same-Origin Policy killing Tampermonkey script 在 Chrome 中禁用同源策略 - Disable same origin policy in Chrome 为本地域的Chrome禁用同一来源策略 - Disabling same origin policy for Chrome for local domains 尝试停用Chrome同源策略 - Trying to disable Chrome same origin policy Chrome:为localhost禁用相同的原始策略 - Chrome: Disable same origin policy for localhost Javascript相同来源政策和Google Crome控制台 - Javascript same origin policy and Google crome console 什么是文件 URI 的同源策略? - What is the Same-Origin Policy for File URIs? 外部js文件中的相同原始策略 - same origin policy in external js file 无法解决的CORS问题! 如何在MacOS上禁用Chrome的相同来源策略? - Unresolvable CORS issue! How to disable the same origin policy of Chrome on MacOS? Chrome禁用网络安全相同的来源政策不再有效 - Chrome disable web security same origin policy no more working
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM