了解UPnP / DLNA浏览上的CORS [英] Understanding CORS on UPnP/DLNA browsing
问题描述
我一直在玩自己的UPNP / DLNA浏览。
我所设法做的是一个基于shell脚本的方法,使用curl查询服务器和xsl处理,使html页面的答案。
接下来我想我可以将所有这一切构建到javascript /种互动浏览器页面。但现在我打CORS的问题,因为请求是由浏览器预检(他们没有预检,当使用curl和服务器没有CORS,只是UPnP)。
一些最简单的代码试图获取upnp树的根:...
< html>
< head>
< script language =javascript>
function newx(){
var h = new XMLHttpRequest();
h.open(POST,http:// hcds6106:50001 / ContentDirectory / control,true);
h.onreadystatechange = processme;
h.setRequestHeader(SOAPACTION,'urn:schemas-upnp-org:service:ContentDirectory:1#Browse');
h.setRequestHeader(Content-Type,text / xml; charset ='utf-8');
h.send('<?xml version =1.0encoding =utf-8?>< s:Envelope xmlns:ns0 =urn:schemas-upnp-org: service:ContentDirectory:1s:encodingStyle =http://schemas.xmlsoap.org/soap/encoding/xmlns:s =http://schemas.xmlsoap.org/soap/envelope/> s:Body>
function processme()
{
alert(this.status);
}
< / script> ;.
< / head>
< body onload =newx();/>
< / html>
清楚地浏览器(Firefox 47.0)hits
跨原始请求被阻止:同源策略不允许在http:// hcds6106:50001 / ContentDirectory / control读取远程资源
。
(原因:CORS头'Access-Control-Allow-Origin'缺失)。
在这种情况下,我可以告诉我的浏览器跳过CORS的东西,是不是为它?对于Firefox或任何其他常见的UserAgent?我不能相信它可以这么简单没有浏览器,几乎不可能得到它互动内部浏览器.... TIA!
有没有什么合理的方法可以告诉我的浏览器跳过CORS的东西在这种情况下,因为服务器不是为它?
否。
如果可能,我可以告诉浏览器我的网站的访问者跳过CORS的东西,让我从他们的网上银行和网络邮件服务以及他们的公司内部网上读取他们的数据。
I've been playing around with home-grown UPNP/DLNA Browsing.
What I manage to do is a shell script based approach using curl to query the Server and xsl processing to make html pages out of the answers.
Next I thought I could build all this into javascript/kind of interactive browser page. But now I hit the CORS issue as the requests are preflighted by the browser (they are not preflighted when using curl and the server speaks no CORS, just UPnP). Some simplest code trying to get the root of the upnp tree:...
<html>
<head>
<script language="javascript">
function newx() {
var h = new XMLHttpRequest();
h.open("POST", "http://hcds6106:50001/ContentDirectory/control", true);
h.onreadystatechange = processme;
h.setRequestHeader("SOAPACTION",'"urn:schemas-upnp-org:service:ContentDirectory:1#Browse"');
h.setRequestHeader("Content-Type", "text/xml; charset='utf-8'");
h.send('<?xml version="1.0" encoding="utf-8"?><s:Envelope xmlns:ns0="urn:schemas-upnp-org:service:ContentDirectory:1" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><ns0:Browse><ObjectID></ObjectID><BrowseFlag>BrowseDirectChildren</BrowseFlag><Filter>*</Filter><StartingIndex>0</StartingIndex><RequestedCount>0</RequestedCount><SortCriteria /></ns0:Browse></s:Body></s:Envelope>');
}
function processme()
{
alert(this.status);
}
</script>
</head>
<body onload="newx();"/>
</html>
Clearly the browser (Firefox 47.0) hits
Cross-Origin Request Blocked: The Same Origin Policy disallows reading
the remote resource at http://hcds6106:50001/ContentDirectory/control.
(Reason: CORS header 'Access-Control-Allow-Origin' missing).
Is there any reasonable way I can tell my browser to skip the CORS stuff in this case because the server was not made for it? For Firefox or any other common UserAgent? I can't believe it can be so simple without a browser and close to impossible to get it interactive inside browser.... TIA!
Is there any reasonable way I can tell my browser to skip the CORS stuff in this case because the server was not made for it?
No.
If it was possible, then I could tell the browsers of visitors to my website to skip the CORS stuff and let me read their data from their online banking and webmail services as well as their company intranet.
这篇关于了解UPnP / DLNA浏览上的CORS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
