blocked by cors policy about CORS-RFC1918, or local

2021-11-03 14:35:17

Error message: has been blocked by CORS policy: The request client is not a secure context

the resource is in more-private address space `private`

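It had been working fine, and then it suddenly started failing.

I guessed right away that a Google browser upgrade had caused the problem by tightening its security mechanisms.

But I did not know what to do about it.

After wasting half a day, I finally found a solution.

At first I spent my time on the message that Chrome showed for the replaced JS while I was monitoring the network in the developer console:

Failed to load response data: No content available because this request was redirected

I kept putting effort into solving that.

In fact, that message appears whether or not the setup is correct. Remember to look at the errors in the console. That solved the problem.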


Reference link: blocked by cors policy about CORS-RFC1918

Reference 2: https://wicg.github.io/private-network-access/



Problem description

has been blocked by cors policy 

the request client is not a secure context 

and resource is in more-private address space private


Solution

Upgrade the server side

Update 2021: A few months after I posted this question, the flag I referenced in my original answer was removed, and instead of disabling a security feature I was forced to solve the problem more satisfactorily.

Private Network Access (formerly CORS-RFC1918) is a specification that forbids requests from less private network resources to more private network resources. Like HTTP to HTTPS, or a remote host to localhost.

The ultimate solution was to add a self-signed certificate, and Access-Control-* headers, which enabled requests from my remote dev server to my localhost webpack-dev-server for assets.


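// webpack.config.js (conf is assumed to be the dev-server options object)
const { readFileSync } = require('fs')

// Serve the dev server over HTTPS with the self-signed certificate
conf.https = {
  key: readFileSync('./.ssl/cert.key'),
  cert: readFileSync('./.ssl/cert.crt'),
  cacert: readFileSync('./.ssl/ca.crt'),
}

// Response headers that grant cross-origin and private-network access
conf.headers = {
  'Access-Control-Allow-Private-Network': true,
  'Access-Control-Allow-Origin': '*',
}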


Disable the client-side setting

chrome://flags/#block-insecure-private-network-requests



CORS-RFC1918

Private Network Access (formerly known as CORS-RFC1918) restricts the ability of websites to send requests to servers on private networks. It allows such requests only from secure contexts. The specification also extends the Cross-Origin Resource Sharing (CORS) protocol so that websites now have to explicitly request a grant from servers on private networks before being allowed to send arbitrary requests.
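
The grant described above, as an added example (not code from the original article or the quoted answer): a Node.js request handler that answers the Private Network Access preflight and returns `Access-Control-Allow-Private-Network: true` only to an allowlisted origin instead of `*`. The origin `https://dev.example.test`, the names `pnaDecision` and `handler`, and the sample asset are assumptions; TLS setup is left out.

```javascript
// Assumption: the one remote dev site allowed to load assets from this host.
const ALLOWED_ORIGINS = new Set(['https://dev.example.test']);

// Decide the CORS / Private Network Access headers for one request.
// status === null means "not a preflight, continue to the normal handler".
function pnaDecision(method, reqHeaders, allowed = ALLOWED_ORIGINS) {
  const origin = reqHeaders['origin'];
  const headers = { Vary: 'Origin' }; // the response differs per Origin
  if (!origin || !allowed.has(origin)) {
    // Unknown origin: no CORS grant at all; a preflight is refused.
    return { status: method === 'OPTIONS' ? 403 : null, headers };
  }
  headers['Access-Control-Allow-Origin'] = origin;
  if (method !== 'OPTIONS') return { status: null, headers };
  headers['Access-Control-Allow-Methods'] = 'GET, OPTIONS';
  // The browser marks a private-network preflight with this request header;
  // the grant is sent only when it was actually requested.
  if (reqHeaders['access-control-request-private-network'] === 'true') {
    headers['Access-Control-Allow-Private-Network'] = 'true';
  }
  return { status: 204, headers };
}

// Node.js (req, res) handler built on the decision function.
function handler(req, res) {
  const { status, headers } = pnaDecision(req.method, req.headers);
  for (const [name, value] of Object.entries(headers)) res.setHeader(name, value);
  if (status !== null) {
    res.statusCode = status;
    return res.end();
  }
  res.setHeader('Content-Type', 'application/javascript');
  res.end('/* constructed sample asset */');
}
```

Pass `handler` to `https.createServer` together with the key and certificate so that the asset host is served over TLS.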




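Other solutions

Private Network Access [https://wicg.github.io/private-network-access/]: do the proxying and control in the MegaCorp setup. This is for reference only and has not been verified; I hope capable peers will add to it.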


[^1] Chrome CORS error on request to localhost dev server from remote site

[^2] Chrome security policy - private network control (CORS-RFC1918)

[^3] Private Network Access update: Introducing a deprecation trial

————————————————

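Copyright notice: This is an original article by CSDN blogger "MyFreeIT", published under the CC 4.0 BY-SA license. When reposting, please include the link to the original source and this notice.

Original link: https://blog.csdn.net/MyFreeIT/article/details/120437772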

