CORS 限制也适用于浏览器窗口吗? HTML 编辑器:127.0.0.1:5000,图片编辑器:127.0.0.1:8000。发回 img 结果会导致 CORS
我在 127.0.0.1:5000 上有一个编辑页面的应用程序(html 代码) 如果我需要使用专门的编辑器编辑该页面上的图片,我选择图片,然后启动对 127.0.0.1:8000/picture_editor?picture_url="127.0.0.1:5000/static/uploads/picture.jpg 的调用
到目前为止一切都很好,我可以编辑图片,并且我有代码应该将结果发送回父窗口并将更改集成到编辑器中 问题是这会触发 CORS(跨源资源共享)安全异常并且调用未完成以下是错误:svg-editor.html?picture_url=http://127.0.0.1:5000/static/uploads/picture.jpg&width=225&height=276:64 未捕获的 DOMException:阻止了来源为“http://”的框架/localhost:8000" 访问跨域框架。
我有什么选择来处理这个问题?有什么办法可以解决这个问题吗?这并不是真正的 CORS 站点到站点,而是浏览器不允许在属于不同站点的两个窗口之间进行通信(尽管只有端口不同)
我的应用程序是一个 Flask 应用程序,我已经在那里启用了 CORS
app = Flask(__name__)
cors = CORS(app, resources={r"*": {"origins": "*"}})
但浏览器仍然报告以上错误。
I have a app on 127.0.0.1:5000 that edits a page (html code)
If I need to edit a picture on that page using a specialized editor I select the picture and then I fire up a call to 127.0.0.1:8000/picture_editor?picture_url="127.0.0.1:5000/static/uploads/picture.jpg
All good so far, I am able to edit the picture and I have code that should send the results back to the parent window and integrate the changes in the editor
The problem is that this triggers a CORS (cross origins resource sharing) security exception and the call does not complete Here is the error:svg-editor.html?picture_url=http://127.0.0.1:5000/static/uploads/picture.jpg&width=225&height=276:64 Uncaught DOMException: Blocked a frame with origin "http://localhost:8000" from accessing a cross-origin frame.
What are my options to deal with this ? Is there any way to deal with this ? This is not really CORS site to site but rather the browser not allowing the communication betweek two windows that belong to different sites (although only the port differs)
My app is a flask application and I already enabled CORS there
app = Flask(__name__)
cors = CORS(app, resources={r"*": {"origins": "*"}})
But the browser is still reporting the above error.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
是的,CORS实际上是专门的,并且不允许从浏览器窗口访问一个站点的代码与另一个站点加载的另一个窗口中的代码进行交互
就我的问题而言,我发现编辑器具有可以加载的ES6版本,而无需运行节点服务器(在我的情况下,在端口8000上运行的服务器)
可以使用for Blask and node.js的CORS设置。事实证明,这是不足的(以上无法解决我的问题),事实证明我很难在node.js上做到这一点,我对此一无所知
Yes CORS has is actually specifically about this and it does not allow the code from a browser window accessing one site to interact with the code in another window that was loaded from another site
As far as my problem goes I found that the editor has an ES6 version that can be loaded without running the Node server (in my case the server running on port 8000)
Toying with the CORS setttings for flask and Node.js (have no clue how to do that) proved to be insufficient for Flask (the above did not solve my problem) and proved to be too difficult for me to do it on Node.js which I do not know anything about