icestark

Cross-origin error when the main application in the test environment accesses a local sub-application

Open aak1247 opened this issue 2 years ago • 4 comments

BUG

Access to script at 'http://127.0.0.1:2337/js/index.js' from origin 'http://xxx.test.xxxx.qa' has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space local.

aak1247 Dec 05 '22 06:12

Also, because sourceMap is configured, even when accessing by IP the sourceMap still causes a request to localhost, which fails with: Access to script at 'http://localhost:2337/js/src_pages_xxxxx_index_tsx-src_pages_xxxx_api_ts--857fc7.js' from origin 'http://xxxx.test.xxx.qa' has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space local.

aak1247 Dec 05 '22 06:12

workaround: https://stackoverflow.com/questions/69542810/has-been-blocked-by-cors-policy-the-request-client-is-not-a-secure-context-and

FIX: You can either serve the content behind HTTPS, or else in your browser flags (eg chrome://flags) disable Block insecure private network requests

But this may stop working soon, according to https://developer.chrome.com/blog/private-network-access-update/

aak1247 Dec 05 '22 07:12

Suggestion: add configuration for the main application in dev/test mode.

Register for the deprecation trial

To participate with multiple origins (such as examplepetstore.com and example-pet-store.com), repeat these steps for each origin.

1. Click Register for the Private Network Access from non-secure contexts origin trial to obtain a trial token for the participating origin.
2. Add the origin-specific Origin-Trial: $token to your response header. This response header need only be set on main resource and navigation responses when the resulting document makes use of the deprecated feature. It is useless (though harmless) to attach this header to subresource responses.

Since this trial must be enabled or disabled before a document is allowed to make any requests, it cannot be enabled through a <meta> tag. Such tags are only parsed from the response body after subresource requests might have been issued. This presents a challenge for websites not in control of response headers, such as github.io static websites served by a third party.

For more details, see the Web developer guide to origin trials.

aak1247 Dec 05 '22 07:12
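
The header placement described in the quoted Chrome guidance above, sketched as an added example that is not part of the original thread and is not icestark code: a wrapper for a Node http handler that attaches Origin-Trial only to navigation responses, only for registered origins, and only in dev/test mode. The hostnames, tokens, mode names and function names are hypothetical placeholders, and it assumes the main application is served over plain HTTP.

```javascript
// Constructed placeholder tokens, one per participating origin (not real tokens).
const TRIAL_TOKENS = {
  'http://main.test.example': 'PLACEHOLDER_TOKEN_FOR_MAIN_TEST',
  'http://main.dev.example': 'PLACEHOLDER_TOKEN_FOR_MAIN_DEV',
};

// Assumed mode names; production never opts in to the deprecation trial.
const TRIAL_MODES = new Set(['development', 'test']);

// Heuristic for a main resource / navigation request: a GET whose Accept header
// lists text/html. Sec-Fetch-* metadata cannot be used here because browsers
// omit it on requests to URLs that are not potentially trustworthy (plain HTTP).
function isNavigationRequest(req) {
  if (req.method !== 'GET') return false;
  const accept = String(req.headers['accept'] || '').toLowerCase();
  return accept.split(',').some((part) => part.trim().split(';')[0] === 'text/html');
}

// Returns the Origin-Trial value for this request, or null when none applies.
function originTrialFor(req, mode, tokens = TRIAL_TOKENS) {
  if (!TRIAL_MODES.has(mode)) return null;
  if (!isNavigationRequest(req)) return null; // useless on subresource responses
  const host = String(req.headers['host'] || '').toLowerCase();
  if (!host) return null;
  // Assumption: plain HTTP, i.e. the non-secure context named in the error.
  const origin = `http://${host}`;
  // Tokens are origin-specific, so an unregistered origin gets no header.
  return Object.prototype.hasOwnProperty.call(tokens, origin) ? tokens[origin] : null;
}

// Wraps a Node http request handler so the header is set before the body is written.
function withOriginTrial(handler, mode, tokens = TRIAL_TOKENS) {
  return (req, res) => {
    const token = originTrialFor(req, mode, tokens);
    if (token) res.setHeader('Origin-Trial', token);
    return handler(req, res);
  };
}
```
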

Same problem here; it doesn't seem to work for Vue 2.0 projects.

wenjayliu Dec 09 '22 08:12