Cors请求在Excel中工作，但不能在Javascript中工作 [英] Cors request working in Excel but not in Javascript

问题描述

我了解CORS政策，并且由于服务器未设置为接受CORS请求，因此我不能从其他来源下载CSV文件。但是，当从Excel中的VBA发出请求时，服务器似乎非常乐意满足该请求。那么为什么我不能使用Javascript捕获相同的文件呢？

I understand the CORS policy and since the server is not set to accept CORS requests, I should not be able to download the CSV file from a different origin. However the server seems perfectly happy to fullfill the request when it is made from VBA in Excel. So why can't I grab the same file using Javascript?

在Excel中：

Sub transfercsv()
sCSVLink = "https://subdomain.domain.com/specific_page/pending_csv?var=specificLocation"
sfile = "Filename_Specific_Location_" & Year(Date) & "-" & Month(Date) & "-" & Day(Date) & ".csv"
ssheet = "CSV Transfer"
Set wnd = ActiveWindow
Application.ScreenUpdating = False
Sheets(ssheet).Cells.ClearContents
Workbooks.Open Filename:=sCSVLink
Windows("pending_CSV").Activate
ActiveSheet.Cells.Copy
wnd.Activate
Sheet1.Select
Sheets("CSV Transfer").Range("A1").Select
Sheets("CSV Transfer").Paste
Application.DisplayAlerts = False
Windows("pending_CSV").Activate
Windows("pending_CSV").Close False
Application.DisplayAlerts = True
Application.ScreenUpdating = True
Call anotherFunc
End Sub

用JavaScript：

In Javascript:

function displayData(){
    //this function takes a csv and displays it as a table in the page
  var tabulate = function (data,columns) {
      var table = d3.select('body').append('table')
        var thead = table.append('thead')
        var tbody = table.append('tbody')
        thead.append('tr')
          .selectAll('th')
            .data(columns)
            .enter()
          .append('th')
            .text(function (d) { return d })
        var rows = tbody.selectAll('tr')
            .data(data)
            .enter()
          .append('tr')
        var cells = rows.selectAll('td')
            .data(function(row) {
                return columns.map(function (column) {
                    return { column: column, value: row[column] }
              })
          })
          .enter()
        .append('td')
          .text(function (d) { return d.value })
      return table;
    }
    //this function actually makes the xhr request and gets the csv
    d3.csv('https://subdomain.domain.com/specific_page/pending_csv?var=specificLocation',function (data) {
        var columns = ['column_name_1','column_name_2','column_name_3','column_name_4','column_name_5','column_name_6','column_name_7','column_name_8','column_name_9','column_name_10','column_name_11']
      tabulate(data,columns)
    })

所以上面的Excel代码对我来说没问题，但是上面的JavaScript代码给我带来了安全错误：

So the Excel code above works for me no problem, but the Javascript code above gives me a security error:

跨域请求被阻止：相同的原产地政策不允许在 https://subdomain.domain.com/specific_page/pending_csv?var中读取远程资源= specificLocation 。 （原因：CORS标头 Access-Control-Allow-Origin缺失）。

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://subdomain.domain.com/specific_page/pending_csv?var=specificLocation. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

此外，我无法控制服务器。该应用程序由我公司的另一个团队控制（在不同位置），我感到惊讶的是，CORS生效了，因为我的域名是：mydomain.somebs.domain.com他们的域名是：themdomain.domain.com所以我不能只是接受我的子域在他们的服务器策略中。

Also, I have no control over the server. That app is controlled by a different team at my company(In a different location) I am surprised that CORS is in effect because my domain is: mydomain.somebs.domain.com Theirs is: theirdomain.domain.com So I can't just accept my subdomain in their server policy.

所以应该有一种让我使用Javascript正确获取此资源的方法？

So there should be a way for me to get this resource with Javascript right?

推荐答案

这是因为CORS通常是一种浏览器策略，因此Excel并不关心CORS策略，因为Excel并不真正容易受到浏览器每天面对的情况的影响（虚假网站）运行运行中的javascript来从真实站点中获取数据。）如果您所要做的只是一个一次性的方案，则可以在浏览器中禁用CORS策略，但这不适用于生产网站。

Its because CORS is typically a browser policy, Excel doesn't care about CORS policy because Excel isn't really vulnerable to a scenario that browsers face every day (fake websites running javascript that pulls data from the real site.) If what you're doing is just a one off scenario you can disable CORS policy in your browser, but that won't work for a production website.

我的建议是在服务器端脚本中使用一些php下载CSV，然后打印其内容。

My advice would be to use some php in a server side script to download the CSV and then print its contents..

类似。 ..

<?php
echo file_get_contents('http://otherdomain.com/that_csv_file.csv');
?>

然后将您的JavaScript网址指向现在相同域的php脚本。

Then point your javascript url at your now 'same domain' php script.

这篇关于Cors请求在Excel中工作，但不能在Javascript中工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！