Microsoft Edge 阻止了发送到同一专用网络 CIDR 中的 IP 的跨域请求 [英] Microsoft Edge blocked cross-domain requests sent to IPs in same private network CIDR

问题描述

$.ajax({
    url: "http://10.13.22.150/req_path",
    success: function(result){
        console.log(result);
    }
});

我想将跨域 XMLHttpRequest 发送到专用网络中的 IP 地址.但是，开发者工具控制台显示以下错误:

I'd like to send Cross-Domain XMLHttpRequest to ip addresses in the private network. However, the following error is shown in developer tools console:

SCRIPT7002:XMLHttpRequest:网络错误 0x2efd，由于错误 00002efd，无法完成操作.

SCRIPT7002: XMLHttpRequest: Network Error 0x2efd, Could not complete the operation due to error 00002efd.

根据 Wireshark 的说法，数据包不是从客户端发送的.我猜该请求被 Microsoft Edge 阻止了此外，我发现只有当 XMLHttpRequest 的 url 和 Edge 客户端的 url 在私网的同一 CIDR 中时，请求才会被阻止.

According to Wireshark, the packet is not sent from client side. I guess the request is blocked by Microsoft Edge Furthermore, I found that the requests are only blocked if the url of XMLHttpRequest and Edge client are in the same CIDR of private network.

Client IP             Request URL            Result
192.168.x.x  send to  192.168.x.x   ->>>>>   X
10.13.x.x    send to  10.13.x.x     ->>>>>   X
10.13.x.x    send to  192.168.x.x   ->>>>>   O

IE11/Chrome/Firefox 等其他浏览器运行良好.这种情况仅在 Microsoft Edge 中显示.有没有关于这个问题的解决方法或解决方案?

Other browsers like IE11 / Chrome / Firefox work just fine. This circumstance is only shown in Microsoft Edge. Is there any workaround or solution about this issue?

推荐答案

来自 了解增强保护模式

私网资源

由于 EPM 未声明 privateNetworkClientServer 功能，因此您的 Intranet 资源可以免受多种类型的跨区域攻击(通常称为Cross-Site-Request-Forgery (CSRF)"和Intranet Port Scanning").Internet 页面无法构建 Intranet 页面、从中加载图像或资源、向它们发送 CORS XHR 请求等.

Because EPM does not declare the privateNetworkClientServer capability, your Intranet resources are protected from many types of cross-zone attacks (usually called "Cross-Site-Request-Forgery (CSRF)" and "Intranet Port Scanning.") Internet pages are not able to frame Intranet pages, load images or resources from them, send them CORS XHR requests, etc.

以上所有似乎都适用于 MS Edge.Edge 唯一缺少的(至少目前是 v20.10240)是安全区域设置.

All of the above seems to apply to MS Edge. The only thing Edge is lacking (at least at this point, v20.10240) is the security zone settings.

我的问题不在于 XMLHttpRequest，而在于尝试在 Internet 页面内的 iframe 中加载 Intranet 页面.解决方法涉及更改我的网络设置 - 请参阅 https://stackoverflow.com/a/32828629

My issue wasn't with the XMLHttpRequest but rather with trying to load an intranet page in an iframe inside the internet page. The workaround involved chanding my network setup - see https://stackoverflow.com/a/32828629

这篇关于Microsoft Edge 阻止了发送到同一专用网络 CIDR 中的 IP 的跨域请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！