【发布时间】:2019-12-12 20:22:40
【问题描述】:
嘿,我得到了错误:
Cross-Origin Read Blocking (CORB) blocked cross-origin response ... with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.
我已经尝试了很多在 stackoverflow 上找到的修复,但都没有解决这个问题。
这是我目前所在的位置:
我已经使用以下配置安装了 barryvdh/laravel-cors:
'supportsCredentials' => false,
'allowedOrigins' => ['*'],
'allowedOriginsPatterns' => ['*'],
'allowedHeaders' => ['*'],
'allowedMethods' => ['*'],
'exposedHeaders' => [],
'maxAge' => 0,
我正在控制器中加载中间件:
public function __construct()
{
$this->middleware('cors');
}
public function code($id)
{
$domain = \App\Domain::where('id', $id)->first();
return view('code',compact('domain'));
}
它是在我的 Kernel.php 中定义的
protected $routeMiddleware = [
...
'cors' => \Barryvdh\Cors\HandleCors::class,
];
如果我从终端尝试,这是我得到的 curl 响应
HTTP/2 200
server: nginx/1.15.5
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
date: Mon, 05 Aug 2019 10:06:08 GMT
set-cookie: XSRF-TOKEN=eyJpdiI6Im05MnZ5K2IwS3Q3SnhQSDZ2a3lNMkE9PSIsInZhbHVlIjoia0RSZ1o2XC9IYkNTS3J2YlI2SWtrZUxXa2JSUThUcUhoR2FqSmN1aTYwZEpxQmp4ak5ORGJiRlQwdFJPNERlM0kiLCJtYWMiOiI2ZGJmMjFiMWM2OWQ0MDdkMDdjNWI5NTMyNGMzOTFhMmU4NGFiMjc2Zjg3NjExMjU0ZGM1M2MwODRiODI0MzZmIn0%3D; expires=Mon, 05-Aug-2019 12:06:08 GMT; Max-Age=7200; path=/
set-cookie: laravel_session=eyJpdiI6InZGekJCV2VUbEd0OFdpVWdzd0pzcXc9PSIsInZhbHVlIjoiXC9jb1JTTnJGV1FlNDhiVzB5dE43NnZCdHlaYlR6ZU82Wk1BclR5bWtVbUpZYWtGRTRGNDF3OEMrZ3J6eDJ1WFgiLCJtYWMiOiIwODE3YTY5NzZlNmQ2NTYzZjhhZWFkY2VjZTYxNGY2NmI1MDk4ZWM5MGE2Y2Q5MWI3N2UzMjEzMGFhNDVmZjA0In0%3D; expires=Mon, 05-Aug-2019 12:06:08 GMT; Max-Age=7200; path=/; httponly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
这就是我尝试加载页面的方式
function loadContent(url)
{
var xmlhttp;
if (window.XMLHttpRequest)
{// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp=new XMLHttpRequest();
}
else
{// code for IE6, IE5
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.onreadystatechange=function()
{
if (xmlhttp.readyState==4 && xmlhttp.status==200)
{
document.getElementById("content").innerHTML=xmlhttp.responseText;
}
}
xmlhttp.open("GET",url,true);
xmlhttp.send();
}
document.addEventListener('DOMContentLoaded', function(event) {
loadContent("https://xx.com/this/{{$domain->id}}")
})
而我的路线是:
Route::get('/this/{id}', 'ThisController@code');
这就是我从外部站点加载 javascript 文件的方式:
<!-- code --><div id="content"></div><script src="https://thissite.com/1"></script><!-- End code -->
【问题讨论】:
-
仔细阅读错误信息。它说 CORB 而不是 CORS
-
响应正文是什么样的?
-
啊,是的,我注意到它说 CORB,但是如果我搜索它,它会找到与 CORS 相关的东西。无论如何,响应正文在这里:screencast.com/t/FUocP52CCb
-
这是来自它试图加载的站点的响应:screencast.com/t/7MaT4m57h
-
我添加了用于从服务器加载 javascript 文件的代码块,我认为我这样做的方式给我带来了麻烦,我尝试在我的网站上编写 javascript 文件而不是将它与“脚本”一起包含在内,这很有效。但我需要反其道而行之,因为加载 javascript 的将是客户。
标签: php laravel cross-origin-read-blocking