文件网址Chrome中的跨域问题 - 意外 [英] File Url Cross Domain Issue in Chrome- Unexpected

问题描述

问题是关于使用文件url时Chrome引发跨域错误

The issue is about Chrome throwing Cross Domain Error on using file url

我使用带有data属性的object标记将svg文档嵌入到HTML中相对路径的形式，onload事件我想使用getSVGDocument（）获取SVGDocument。

I am embedding a svg document into a HTML using the object tag with the data attribute in the form of relative path, upon onload event I want to get the SVGDocument using getSVGDocument().

我使用文件url访问html文件，当调用getSVGDocument时，Chrome给出跨域错误。 Chrome实际上嵌入了SVG，但getSVGDocument不返回SVG的DOM

I am accessing the html file using file url, when getSVGDocument is called, Chrome gives a Cross Domain Error. Chrome actually does embed the SVG but getSVGDocument does not return the DOM for the SVG

Chrome错误是
不安全的JavaScript尝试使用URL文件访问框架： ///C:/MyFiles/website/Dir1/a.svg from frame with URL file：/// C：/MyFiles/website/Dir1/index.html域，协议和端口必须匹配。

The Chrome Error is "Unsafe JavaScript attempt to access frame with URL file:///C:/MyFiles/website/Dir1/a.svg from frame with URL file:///C:/MyFiles/website/Dir1/index.html Domains, protocols and ports must match."

您可能会看到基本路径对于html和嵌入式文档svg都是相同的，那么为什么Chrome会抛出此错误？

As you may see the base path is same for both the html and the embedded document svg, so why does Chrome throw this error ?

推荐答案

您正在使用Chrome的跨域/文件安全限制。

You are hitting the cross domain/file security limitations of Chrome.

您可以按照在Chrome中停用同源策略，并在如何访问和Chrome中的原始策略没有使用服务器关于如何关闭这些设置来启动Chrome。

You can, disable this by following the instructions in Disable same origin policy in Chrome and details in How can access and the origin policy in chrome as I'm not using a server on how to start Chrome with these turned off.

这是一个警告词，但它们被称为安全限制所以在浏览第三方网站时不要应用此原因。 是非常危险的。例如，关闭此功能后，我们可以代表您向gmail.com，Facebook .com和yourbank.com，您的cookies将被设置为允许我自己伪装为自己。

A word of warning, though: they are called "security limitations" for a reason so do not go applying this when browsing 3rd party sites. This is extremely dangerous to turn off whilst browsing the web normally. For example, with this turned off I can now make requests on your behalf to sites like gmail.com, facebook.com and yourbank.com, and your cookies will be set allowing me to masquerade as yourself.

如果你仍然真的需要这个，你需要运行chrome与 - disable-web-security 标志：

If you still really need this, you need to run chrome with the --disable-web-security flag:

chrome --disable-web-security # unix/linux only

如果您需要有关如何应用标志的交叉操作系统说明，请参阅 http://www.chromium.org/developers/how- tos / run-chromium-with-flags 。

If you need cross OS instructions on how to apply the flag, see http://www.chromium.org/developers/how-tos/run-chromium-with-flags.

这篇关于文件网址Chrome中的跨域问题 - 意外的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！