問題描述 CORS

has been blocked by cors policy
the request client is not a secure context
and resource is in more-private address space private

解決方案

同源策略Same-origin policy禁止浏览器跨域访问,解决方法有CORS和JSONP 两种。CORS:Cross-origin resource sharing,用于让网页的受限资源能够被其他域名的页面访问的一种机制。有关Chrome浏览器,跨域调用JS的问题。

跨域资源共享(CORS)是 JSONP 模式的现代版。与 JSONP 不同,CORS 除了 GET 请求方法以外也支持其他的 HTTP 请求。用 CORS 可以让网页设计师用一般的 XMLHttpRequest,这种方式的错误处理比 JSONP 要来的好。另一方面,JSONP 可以在不支持 CORS 的老旧浏览器上运作。现代的浏览器都支持 CORS[12]。

升級服務器端

Update 2021: A few months after I posted this question,
the flag I referenced in my original answer was removed,
and instead of disabling a security feature
I was forced to solve the problem more satisfactorily.Private Network Access (formerly CORS-RFC1918) is
a specification that forbids requests
from less private network resources to more private network resources.
Like HTTP to HTTPS, or a remote host to localhost.The ultimate solution was to add a self-signed certificate,
and Access-Control-* headers,
which enabled requests from my remote dev server
to my localhost webpack-dev-server for assets.

conf.https = {key: readFileSync('./.ssl/cert.key'),cert: readFileSync('./.ssl/cert.crt'),cacert: readFileSync('./.ssl/ca.crt'),
}conf.headers = {'Access-Control-Allow-Private-Network': true,'Access-Control-Allow-Origin': '*',
}

屏蔽客戶端設置

chrome://flags/#block-insecure-private-network-requests

chrome插件Allow-Control-Allow-Origin

临时解决办法,通过chrome网上商店安装插件Allow-Control-Allow-Origin,打开开关即可。

CORS-RFC1918

Private Network Access (formerly known as CORS-RFC1918)
restricts the ability of websites to send requests to servers on private networks.
It allows such requests only from secure contexts.
The specification also extends the Cross-Origin Resource Sharing (CORS) protocol
so that websites now have to explicitly request a grant from servers on private networks
before being allowed to send arbitrary requests.

其它的解決方案

Private Network Access 【https://wicg.github.io/private-network-access/】,通過在MegaCorp 設置上做代理和控制。僅供參考,沒有驗證,希望有能力的同行來補充。

[^1] Chrome CORS error on request to localhost dev server from remote site
[^2] Chrome 安全策略 - 私有網絡控制(CORS-RFC1918)
[^3] Private Network Access update: Introducing a deprecation trial
[^4] 谷歌浏览器(chrome)允许跨域设置的方法 https://junyiseo.com/qita/792.html
[^5] Disable same origin policy in Chrome

blocked by cors policy about CORS-RFC1918相关推荐

  1. Access to XMLHttpRequest at file from origin ‘null‘ has been blocked by CORS policy谷歌浏览器本地打开项目js文件报错

    Access to XMLHttpRequest at 'file:///xxxxx/PQ.BaseInfo.proto' from origin 'null' has been blocked by ...

  2. “http://127.0.0.1:8888' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header”

    axios跨域问题: 会一直报错:"http://127.0.0.1:8848' has been blocked by CORS policy: No 'Access-Control-Al ...

  3. Access to script at ‘xxx‘ from origin ‘null‘ has been blocked by CORS policy: Cross origin requests

    前言 本地调试js时,遇到本错误 Google Chrome 84.0.4147.135 (正式版本) (64 位) (cohort: Stable Installs Only) 修订版本 c42bd ...

  4. springbootajaxhas been blocked by CORS policy: No ‘Access-Control-Allow-Origin

    前些天发现了一个巨牛的人工智能学习网站,通俗易懂,风趣幽默,忍不住分享一下给大家.点击跳转到教程. ajax+springboot解决跨域问题,以下报的错误就是html跨域的问题 Access to ...

  5. 解决浏览器跨域加载本地文件报错 Access to script at ‘xxx‘ from origin ‘null‘ has been blocked by CORS policy

    报错: Failed to load resource: net::ERR_FILE_NOT_FOUND Access to script at 'xxx' from origin 'null' ha ...

  6. 前后端分离跨域问题Access to XMLHttpRequest at ‘http://localhos...has been blocked by CORS policy: No ‘Access-

    完整报错如下: Access to XMLHttpRequest at 'http://localhost:8081/login' from origin 'http://localhost:8084 ...

  7. 解决升级Chrome浏览器之后出现跨域错误:Access to xxx has been blocked by CORS policy: XXXX

    一.错误产生的背景 Google Chrome浏览器升级 1.1 Google Chrome漏洞报告,要求升级 近日,Google Chrome官方发布Google Chrome远程代码执行漏洞(CV ...

  8. 阿里云OSS跨域报错:Access to XMLHttpRequest at ‘...‘ ... blocked by CORS policy: No ‘Access-Control-Allow

    错误标签:阿里云OSS, 跨域请求, No 'Access-Control-Allow-Origin' 浏览器具体报错内容: Access to XMLHttpRequest at 'https:// ...

  9. 海康视频插件启动过程中出现跨域问题has been blocked by CORS policy

    海康视频插件启动过程中出现反复启动 控制台报错:has been blocked by CORS policy: The request client is not a secure context ...

  10. 浏览器预检请求返回400 has been blocked by CORS policy: Response to preflight request doesn’t pass access cont

    这个问题也是很过分头一次遇到,原因是谷歌浏览器在有跨域(CORS)请求时,会先发送一个preflight(预检)请求,之后才会发送fetch请求. CORS:跨源资源共享 (CORS)(或通俗地译为跨 ...

最新文章

  1. 一次完整的从webshell到域控的探索之路
  2. “科研女神”颜宁当选美国科学院外籍院士
  3. 【模板】单源最短路径(弱化版)
  4. SQL Server在存储过程中编写事务处理代码的三种方法
  5. Java方法中的参数太多,第3部分:构建器模式
  6. 如何挑选一款合适的POE工业级交换机?
  7. 轨道车辆垂向振动Matlab建模与仿真,基于matlab/simulink的车辆建模与故障分析
  8. 安卓权威编程指南 挑战练习 20.9 创建多版本主题
  9. 使用Confluence如何输出一份结构清晰 可读性高的测试文档?
  10. Linux下mail服务配置(RHEL5)
  11. java爬虫基础知识,Java网络爬虫基础知识
  12. 分享新作:休闲小游戏『Flying Stone』
  13. 树莓派linux下载机,树莓派打造北邮人种子下载机——下载、做种一条龙全站式教程...
  14. sony android mp3播放器,高音质与流媒体兼具,索尼 NW-ZX500 安卓音乐播放器评测
  15. 树莓派教程 - 1.5 树莓派GPIO库wiringPi 使用硬件串口ttyAMA0与ttyS0
  16. a1465苹果笔记本_苹果笔记本开机“文件夹图标里有个问号”,大神一根线完美修复...
  17. MIT6.828课程JOS在macOS下的环境配置
  18. 百慕大将于下周宣布推出加密货币友好银行
  19. SecureCRT for linux安装教学
  20. (转自zzmseo,只为学习方便)1.1 什么是SEO

热门文章

  1. 酷睿i7 10510u参数 i710510u相当于台式机什么水平 i710510u玩游戏怎么样
  2. 教程:如何解决Github的Your GitHub account, quantum6, will soon require 2FA
  3. 2022阿里4.22算法笔试题
  4. python卡方分箱_机器学习(十六)特征工程之数据分箱
  5. oracle登录提示01034,ORA-01034: ORACLE not available问题
  6. 久等啦!MWC现场精华回顾,正式出炉!
  7. 朴素贝叶斯理论进阶(1)——cs229(4、5)笔记
  8. 如何设定项目中的里程碑?
  9. 【渝粤题库】国家开放大学2021春2712园艺基础题目
  10. 深度净化自来水,还支持即时加热,爱贝源R3桌面净水机体验