直接来自 GitHub 的热链接资源，如 JavaScript 文件 [英] Hotlink resources like JavaScript files directly from GitHub

问题描述

我问了一个关于包含来自 GitHub 的资源的问题，答案是使用原始链接:

I asked a question about including resources from GitHub and the answer was to use the raw link:

https://raw.github.com/username/repository/branch/file.js

我正在尝试使用以下方法包含脚本:

I am trying to include a script using:

<script
   type="text/javascript"
   src="https://raw.github.com/username/repo/master/src/file.js"
></script>

但我收到以下错误:

拒绝执行来自 'https://raw.github 的脚本.com/username/repo/master/src/file.js' 因为它的 MIME 类型('text/plain')不可执行，并且启用了严格的 MIME 类型检查.

Refused to execute script from 'https://raw.github.com/username/repo/master/src/file.js' because its MIME type ('text/plain') is not executable, and strict MIME type checking is enabled.

是否有其他方法可以修复此错误?

Are there any alternatives to fix this error?

我不在生产中使用它，而是用于演示页面:

I don't use this in the production but for a demo page:

project-repository-from-github
  ├─ master
  │   ├─ src
  │   │   └─ my-jQuery-plugin.js
  │   └─ README.md
  └─ gh-pages
      ├─ css
      │   └─ style.css
      └─ index.html

在 index.html 页面中，我想要最新版本的 my-jQuery-plugin.js.因此，我会将原始 URL 包含到脚本中.

In the index.html page I want to have the latest build of my-jQuery-plugin.js. So, I would include the raw URL to the script.

如何修复错误?

推荐答案

是的，Github 在 2013 年 4 月改变了这个:

Yes, Github changed this in April, 2013:

早在 2011 年，我们就将 X-Content-Type-Options: nosniff 标头添加到我们的原始 URL 响应中，作为打击盗链的第一步.这会强制浏览器根据 Content-Type 标头处理内容.这意味着当我们为文件的原始视图设置 Content-Type: text/plain 时，浏览器将拒绝将该文件视为 JavaScript 或 CSS.

We added the X-Content-Type-Options: nosniff header to our raw URL responses way back in 2011 as a first step in combating hotlinking. This has the effect of forcing the browser to treat content in accordance with the Content-Type header. That means that when we set Content-Type: text/plain for raw views of files, the browser will refuse to treat that file as JavaScript or CSS.

但是由于 http://combinatronics.com/，我们可以包含 GH 脚本.唯一的变化是从 raw.github.com 变成了 combinatronics.com:

But thanks to http://combinatronics.com/ we can include GH scripts. The only change is from raw.github.com that becomes combinatronics.com:

<script
   type="text/javascript"
   src="https://combinatronics.com/username/repo/master/src/file.js"
></script>

该项目托管在开源的 Github 上.

是的，@Lix 是正确的.这些文件不是来自 Github，而是来自 combinatronics.

And yes, @Lix is correct. The files are not being served from Github but from combinatronics.

我发现的另一个解决方法是:

Another workaround I found is that instead of:

<script
   type="text/javascript"
   src="https://combinatronics.com/username/repo/master/src/file.js"
></script>

你可以使用 $.getScript jQuery 函数:

you can use $.getScript jQuery function:

<script>
  $.getScript("https://combinatronics.com/username/repo/master/src/file.js", function () {
    /* do something when loaded */
  });
</script>

这篇关于直接来自 GitHub 的热链接资源，如 JavaScript 文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！