Chrome 中的文件 URL 跨域问题 - 意外 [英] File Url Cross Domain Issue in Chrome- Unexpected

问题描述

问题是关于 Chrome 在使用文件 url 时抛出跨域错误

The issue is about Chrome throwing Cross Domain Error on using file url

我正在使用对象标记以相对路径的形式将 svg 文档嵌入到 HTML 中，并且在 onload 事件中我想使用 getSVGDocument() 获取 SVGDocument.

I am embedding a svg document into a HTML using the object tag with the data attribute in the form of relative path, upon onload event I want to get the SVGDocument using getSVGDocument().

我正在使用文件 url 访问 html 文件，当调用 getSVGDocument 时，Chrome 出现跨域错误.Chrome 实际上确实嵌入了 SVG，但 getSVGDocument 不返回 SVG 的 DOM

I am accessing the html file using file url, when getSVGDocument is called, Chrome gives a Cross Domain Error. Chrome actually does embed the SVG but getSVGDocument does not return the DOM for the SVG

Chrome 错误是不安全的 JavaScript 尝试从带有 URL 文件的框架访问带有 URL 文件:///C:/MyFiles/website/Dir1/a.svg 的框架://C:/MyFiles/website/Dir1/index.html 域、协议和端口必须匹配."

The Chrome Error is "Unsafe JavaScript attempt to access frame with URL file:///C:/MyFiles/website/Dir1/a.svg from frame with URL file:///C:/MyFiles/website/Dir1/index.html Domains, protocols and ports must match."

如您所见，html 和嵌入文档 svg 的基本路径相同，那么 Chrome 为什么会抛出此错误?

As you may see the base path is same for both the html and the embedded document svg, so why does Chrome throw this error ?

推荐答案

您遇到了 Chrome 的跨域/文件安全限制.

You are hitting the cross domain/file security limitations of Chrome.

您可以按照在 Chrome 中禁用同源策略 和 如何在 chrome 中访问和源策略，因为我没有使用服务器 关于如何在关闭这些的情况下启动 Chrome.

You can, disable this by following the instructions in Disable same origin policy in Chrome and details in How can access and the origin policy in chrome as I'm not using a server on how to start Chrome with these turned off.

但是有一句警告:它们被称为安全限制"是有原因的，所以在浏览 3rd 方网站时不要去应用它.在正常浏览网页时关闭此功能极其危险.例如，关闭此功能后，我现在可以代表您向 gmail.com、facebook 等网站发出请求.com 和 yourbank.com，您的 cookie 将设置为允许我伪装成您自己.

A word of warning, though: they are called "security limitations" for a reason so do not go applying this when browsing 3rd party sites. This is extremely dangerous to turn off whilst browsing the web normally. For example, with this turned off I can now make requests on your behalf to sites like gmail.com, facebook.com and yourbank.com, and your cookies will be set allowing me to masquerade as yourself.

如果你真的需要这个，你需要运行带有 --disable-web-security 标志的 chrome:

If you still really need this, you need to run chrome with the --disable-web-security flag:

chrome --disable-web-security # unix/linux only

如果您需要有关如何应用标志的跨操作系统说明，请参阅 http://www.chromium.org/developers/how-tos/run-chromium-with-flags.

If you need cross OS instructions on how to apply the flag, see http://www.chromium.org/developers/how-tos/run-chromium-with-flags.

这篇关于Chrome 中的文件 URL 跨域问题 - 意外的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！