报错信息 has been blocked by CORS policy: The request client is not a secure context
the resource is in more-private address space `private`
之前用的好好的,突然就出错了。
我一猜就是google浏览器升级引起的问题,加深了安全机制。
但是我不知道怎么操作。
浪费了半天,终于找到解决办法了。
一开始的时间事再解决替换的js在chrome控制台监控网络的时候提示
Failed to load response data: No content available beacase thie request was redirected
一直在上面费工夫解决问题了
其实操作正确与否,都会是这样的提示,记得看console里面的报错。解决了问题。
参考连接 blocked by cors policy about CORS-RFC1918
参考地址2 https://wicg.github.io/private-network-access/
問題描述
has been blocked by cors policy
the request client is not a secure context
and resource is in more-private address space private
1
2
3
解決方案
升級服務器端
Update 2021: A few months after I posted this question,
the flag I referenced in my original answer was removed,
and instead of disabling a security feature
I was forced to solve the problem more satisfactorily.
Private Network Access (formerly CORS-RFC1918) is
a specification that forbids requests
from less private network resources to more private network resources.
Like HTTP to HTTPS, or a remote host to localhost.
The ultimate solution was to add a self-signed certificate,
and Access-Control-* headers,
which enabled requests from my remote dev server
to my localhost webpack-dev-server for assets.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
conf.https = {
key: readFileSync('./.ssl/cert.key'),
cert: readFileSync('./.ssl/cert.crt'),
cacert: readFileSync('./.ssl/ca.crt'),
}
conf.headers = {
'Access-Control-Allow-Private-Network': true,
'Access-Control-Allow-Origin': '*',
}
1
2
3
4
5
6
7
8
9
10
屏蔽客戶端設置
chrome://flags/#block-insecure-private-network-requests
CORS-RFC1918
Private Network Access (formerly known as CORS-RFC1918)
restricts the ability of websites to send requests to servers on private networks.
It allows such requests only from secure contexts.
The specification also extends the Cross-Origin Resource Sharing (CORS) protocol
so that websites now have to explicitly request a grant from servers on private networks
before being allowed to send arbitrary requests.
1
2
3
4
5
6
其它的解決方案
Private Network Access 【https://wicg.github.io/private-network-access/】,通過在MegaCorp 設置上做代理和控制。僅供參考,沒有驗證,希望有能力的同行來補充。
[^1] Chrome CORS error on request to localhost dev server from remote site
[^2] Chrome 安全策略 - 私有網絡控制(CORS-RFC1918)
[^3] Private Network Access update: Introducing a deprecation trial
————————————————
版权声明:本文为CSDN博主「MyFreeIT」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/MyFreeIT/article/details/120437772