从 <iframe> 发出的 XHR 请求的原始标头为 null带沙箱属性 [英] Origin header null for XHR request made from <iframe> with sandbox attribute
问题描述
我有一个项目,我正在尝试从数据处理程序以制表符分隔值格式下载一些数据,但是,Google Chrome 正在发送 Origin 标头值的空值.
I have a project where I am trying download some data in a tab separated value format from a datahandler however, Google Chrome is sending a null value for the Origin header value.
var url = 'http://server.corp.somebiz.com/DataHandlers/ReportSets.ashx?task=pagerequestsovertime&app=188d1956-c4a7-42f7-9bdd-38f54c14e125&format=tsv';
d3.tsv(url, function(d) {
d.date = parseTime(d.date);
d.close = +d.close;
return d;
}, function(error, data) {
if (error) throw error;
console.log('Do stuff');
});
这是请求中的原始标头:
Here are the raw headers on the request:
GET /DataHandlers/ReportSets.ashx?task=pagerequestsovertime&app=786b5ef3-1389-4890-8004-533fd1f66f16&format=tsv HTTP/1.1
Host: server.corp.somebiz.com
Connection: keep-alive
accept: text/tab-separated-values,*/*
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
这以控制台上的错误结束:
This ends with an error on the console:
XMLHttpRequest cannot load http://server.corp.somebiz.com/DataHandlers/ReportSets.ashx?task=pagere…6ac42b7-ba6f-4be4-b297-758ebc9fe615&start=2/1/2017&end=3/2/2017&format=tsv. The 'Access-Control-Allow-Origin' header has a value 'http://server.corp.somebiz.com' that is not equal to the supplied origin. Origin 'null' is therefore not allowed access.
我不仅要寻找发生这种情况的原因,还要寻找导致 Chrome 向服务器发送空 Origin 标头的条件.
Not only am I looking for the why is this happening, what the conditions are that leads to Chrome sending a null Origin header to the server.
这似乎是 Chrome 特定的问题,因为 Internet Explorer 11 正在向服务器发送正确的 Origin 值.
This seems to be a Chrome specific issue as Internet Explorer 11 is sending the proper Origin value to the server.
更新:添加另一个皱纹,这可能是也可能不是一个促成因素.
Update: To add another wrinkle, that may or may not be a contributing factor.
我在