试图访问iframe的内容(不同的子域);试图建立CORS [英] Attempting to access iframe contents (different subdomain); tried setting up CORS
问题描述
我主持一个文件,在 domain.com
,其中包含一个iframe的文件驻留在 s3.domain.com
。我试图访问该iframe的内容,但我收到以下内容:
I am hosting a file at domain.com
, which contains an iframe whose document is hosted on s3.domain.com
. I am attempting to access the contents of the iframe, however am receiving the following:
不安全的JavaScript尝试访问框架与URL HTTP://s3.domain。从帧网址 href="http://domain.com/" rel="nofollow"> http://domain.com/。域,协议和端口必须匹配。
Unsafe JavaScript attempt to access frame with URL http://s3.domain.com.s3.amazonaws.com/file.html from frame with URL http://domain.com/. Domains, protocols and ports must match.
我明白这样做的原因。我发现两种解决。
I understand the reason for this. I've found two work arounds.
- 由于我自己的这两份文件,我可以设置域属性允许像这样的访问:
的document.domain ='domain.com';
- 使用CORS允许访问的文件,这是一个S3桶中托管
我会preFER要做到这一点,但我有麻烦这样做。 挖斗我CORS的配置文件,目前看起来是这样的:
I would prefer to do this, however am having trouble doing so. My CORS configuration file for the bucket currently looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
</CORSRule>
</CORSConfiguration>
这是静止的,但是,产生的误差。我敢肯定,我失去了一些东西,但我不知道是什么。
This is still, however, resulting in the error. I'm sure I'm missing something, however am not sure what.
任何意见将是AP preciated。 谢谢你。
Any advice would be appreciated. Thanks.
推荐答案
通过CORS浏览器通常会做一个preflight要求(选项
法)。也许你将不得不让所有的标题,以及以确保适当的preflight请求处理:
With CORS browsers will usually do a preflight request (OPTIONS
method). Probably you will have to allow all headers as well to ensure proper preflight request handling:
<AllowedHeader>*</AllowedHeader>
参见这里。
这篇关于试图访问iframe的内容(不同的子域);试图建立CORS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!