Testing a cross-origin API call in Google Chrome fails with the error shown below:
Access to XMLHttpRequest at 'http://192.168.50.227:9200/' from origin 'http://www.xxx.com' has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space `private`.

Solution
Enter the following in the browser's address bar:
Disable the "Block insecure private network requests." flag, that is, set it to Disabled, and restart the browser.
Prevents non-secure contexts from making sub-resource requests to more-private IP addresses. An IP address IP1 is more private than IP2 if 1) IP1 is localhost and IP2 is not, or 2) IP1 is private and IP2 is public. This is a first step towards full enforcement of CORS-RFC1918: https://wicg.github.io/cors-rfc1918 – Mac, Windows, Linux, Chrome OS, Android
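The rule quoted in the flag description, worked through as an added example (not code from Chrome or from the original post): a simplified IPv4-only model that classifies addresses as local, private (RFC 1918) or public and blocks a non-secure context from requesting a more-private address. The initiator address 203.0.113.10 is a constructed stand-in for the public server behind http://www.xxx.com, and the function names are assumptions.

```javascript
// Added example: simplified model of the check described in the flag text.
// IPv4 only; "local" is 127.0.0.0/8 and "private" is the RFC 1918 ranges.
const RANK = { public: 0, private: 1, local: 2 };

function parseIPv4(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4) throw new Error(`not an IPv4 address: ${ip}`);
  return parts.map((p) => {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) {
      throw new Error(`not an IPv4 address: ${ip}`);
    }
    return Number(p);
  });
}

function addressSpace(ip) {
  const [a, b] = parseIPv4(ip);
  if (a === 127) return "local";                           // localhost
  if (a === 10) return "private";                          // 10.0.0.0/8
  if (a === 172 && b >= 16 && b <= 31) return "private";   // 172.16.0.0/12
  if (a === 192 && b === 168) return "private";            // 192.168.0.0/16
  return "public";
}

// initiator: { ip, secureContext } for the page that issues the request.
function checkRequest(initiator, targetIp) {
  const from = addressSpace(initiator.ip);
  const to = addressSpace(targetIp);
  const morePrivate = RANK[to] > RANK[from];
  // Only non-secure contexts are blocked, per the flag description.
  const blocked = morePrivate && !initiator.secureContext;
  return { from, to, morePrivate, blocked };
}

// Constructed sample input: public page served over plain HTTP.
const httpPage = { ip: "203.0.113.10", secureContext: false };
// The case from the error message: public, non-secure page -> private target.
console.log(checkRequest(httpPage, "192.168.50.227"));
// Same page treated as a secure context.
console.log(checkRequest({ ...httpPage, secureContext: true }, "192.168.50.227"));
// Page that itself lives in the private range: target is not more private.
console.log(checkRequest({ ip: "192.168.50.10", secureContext: false }, "192.168.50.227"));
```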
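My own understanding: Google Chrome probably does this for security reasons, to prevent external websites that a user visits from directly enumerating and scanning hosts on the local network. If some services installed on servers in the local network turn out to have vulnerabilities and allow cross-origin access, an external website could use those vulnerabilities to attack the vulnerable services on the local network.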