Cors请求在Excel中工作,但不能在Javascript中工作 [英] Cors request working in Excel but not in Javascript
问题描述
我了解CORS政策,并且由于服务器未设置为接受CORS请求,因此我不能从其他来源下载CSV文件。但是,当从Excel中的VBA发出请求时,服务器似乎非常乐意满足该请求。那么为什么我不能使用Javascript捕获相同的文件呢?
I understand the CORS policy and since the server is not set to accept CORS requests, I should not be able to download the CSV file from a different origin. However the server seems perfectly happy to fullfill the request when it is made from VBA in Excel. So why can't I grab the same file using Javascript?
在Excel中:
Sub transfercsv()
sCSVLink = "https://subdomain.domain.com/specific_page/pending_csv?var=specificLocation"
sfile = "Filename_Specific_Location_" & Year(Date) & "-" & Month(Date) & "-" & Day(Date) & ".csv"
ssheet = "CSV Transfer"
Set wnd = ActiveWindow
Application.ScreenUpdating = False
Sheets(ssheet).Cells.ClearContents
Workbooks.Open Filename:=sCSVLink
Windows("pending_CSV").Activate
ActiveSheet.Cells.Copy
wnd.Activate
Sheet1.Select
Sheets("CSV Transfer").Range("A1").Select
Sheets("CSV Transfer").Paste
Application.DisplayAlerts = False
Windows("pending_CSV").Activate
Windows("pending_CSV").Close False
Application.DisplayAlerts = True
Application.ScreenUpdating = True
Call anotherFunc
End Sub
用JavaScript:
In Javascript:
function displayData(){
//this function takes a csv and displays it as a table in the page
var tabulate = function (data,columns) {
var table = d3.select('body').append('table')
var thead = table.append('thead')
var tbody = table.append('tbody')
thead.append('tr')
.selectAll('th')
.data(columns)
.enter()
.append('th')
.text(function (d) { return d })
var rows = tbody.selectAll('tr')
.data(data)
.enter()
.append('tr')
var cells = rows.selectAll('td')
.data(function(row) {
return columns.map(function (column) {
return { column: column, value: row[column] }
})
})
.enter()
.append('td')
.text(function (d) { return d.value })
return table;
}
//this function actually makes the xhr request and gets the csv
d3.csv('https://subdomain.domain.com/specific_page/pending_csv?var=specificLocation',function (data) {
var columns = ['column_name_1','column_name_2','column_name_3','column_name_4','column_name_5','column_name_6','column_name_7','column_name_8','column_name_9','column_name_10','column_name_11']
tabulate(data,columns)
})
所以上面的Excel代码对我来说没问题,但是上面的JavaScript代码给我带来了安全错误:
So the Excel code above works for me no problem, but the Javascript code above gives me a security error:
跨域请求被阻止:相同的原产地政策不允许在 https://subdomain.domain.com/specific_page/pending_csv?var中读取远程资源= specificLocation 。 (原因:CORS标头 Access-Control-Allow-Origin缺失)。
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://subdomain.domain.com/specific_page/pending_csv?var=specificLocation. (Reason: CORS header 'Access-Control-Allow-Origin' missing).
此外,我无法控制服务器。该应用程序由我公司的另一个团队控制(在不同位置),我感到惊讶的是,CORS生效了,因为我的域名是:mydomain.somebs.domain.com他们的域名是:themdomain.domain.com所以我不能只是接受我的子域在他们的服务器策略中。
Also, I have no control over the server. That app is controlled by a different team at my company(In a different location) I am surprised that CORS is in effect because my domain is: mydomain.somebs.domain.com Theirs is: theirdomain.domain.com So I can't just accept my subdomain in their server policy.
所以应该有一种让我使用Javascript正确获取此资源的方法?
So there should be a way for me to get this resource with Javascript right?
推荐答案
这是因为CORS通常是一种浏览器策略,因此Excel并不关心CORS策略,因为Excel并不真正容易受到浏览器每天面对的情况的影响(虚假网站)运行运行中的javascript来从真实站点中获取数据。)如果您所要做的只是一个一次性的方案,则可以在浏览器中禁用CORS策略,但这不适用于生产网站。
Its because CORS is typically a browser policy, Excel doesn't care about CORS policy because Excel isn't really vulnerable to a scenario that browsers face every day (fake websites running javascript that pulls data from the real site.) If what you're doing is just a one off scenario you can disable CORS policy in your browser, but that won't work for a production website.
我的建议是在服务器端脚本中使用一些php下载CSV,然后打印其内容。
My advice would be to use some php in a server side script to download the CSV and then print its contents..
类似。 ..
<?php
echo file_get_contents('http://otherdomain.com/that_csv_file.csv');
?>
然后将您的JavaScript网址指向现在相同域的php脚本。
Then point your javascript url at your now 'same domain' php script.
这篇关于Cors请求在Excel中工作,但不能在Javascript中工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!