Microsoft Edge 阻止了发送到同一专用网络 CIDR 中的 IP 的跨域请求

时间:2023-04-18
本文介绍了Microsoft Edge 阻止了发送到同一专用网络 CIDR 中的 IP 的跨域请求的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

问题描述

$.ajax({
    url: "http://10.13.22.150/req_path",
    success: function(result){
        console.log(result);
    }
});

我想将跨域 XMLHttpRequest 发送到专用网络中的 IP 地址.但是,开发者工具控制台显示以下错误:

I'd like to send Cross-Domain XMLHttpRequest to ip addresses in the private network. However, the following error is shown in developer tools console:

SCRIPT7002:XMLHttpRequest:网络错误 0x2efd,由于错误 00002efd,无法完成操作.

SCRIPT7002: XMLHttpRequest: Network Error 0x2efd, Could not complete the operation due to error 00002efd.

根据 Wireshark 的说法,数据包不是从客户端发送的.我猜该请求被 Microsoft Edge 阻止了此外,我发现只有当 XMLHttpRequest 的 url 和 Edge 客户端的 url 在私网的同一 CIDR 中时,请求才会被阻止.

According to Wireshark, the packet is not sent from client side. I guess the request is blocked by Microsoft Edge Furthermore, I found that the requests are only blocked if the url of XMLHttpRequest and Edge client are in the same CIDR of private network.

Client IP             Request URL            Result
192.168.x.x  send to  192.168.x.x   ->>>>>   X
10.13.x.x    send to  10.13.x.x     ->>>>>   X
10.13.x.x    send to  192.168.x.x   ->>>>>   O

IE11/Chrome/Firefox 等其他浏览器运行良好.这种情况仅在 Microsoft Edge 中显示.有没有关于这个问题的解决方法或解决方案?

Other browsers like IE11 / Chrome / Firefox work just fine. This circumstance is only shown in Microsoft Edge. Is there any workaround or solution about this issue?

推荐答案

来自 了解增强保护模式

私网资源

由于 EPM 未声明 privateNetworkClientServer 功能,因此您的 Intranet 资源可以免受多种类型的跨区域攻击(通常称为Cross-Site-Request-Forgery (CSRF)"和Intranet Port Scanning").Internet 页面无法构建 Intranet 页面、从中加载图像或资源、向它们发送 CORS XHR 请求等.

Because EPM does not declare the privateNetworkClientServer capability, your Intranet resources are protected from many types of cross-zone attacks (usually called "Cross-Site-Request-Forgery (CSRF)" and "Intranet Port Scanning.") Internet pages are not able to frame Intranet pages, load images or resources from them, send them CORS XHR requests, etc.

以上所有似乎都适用于 MS Edge.Edge 唯一缺少的(至少目前是 v20.10240)是安全区域设置.

All of the above seems to apply to MS Edge. The only thing Edge is lacking (at least at this point, v20.10240) is the security zone settings.

我的问题不在于 XMLHttpRequest,而在于尝试在 Internet 页面内的 iframe 中加载 Intranet 页面.解决方法涉及更改我的网络设置 - 请参阅 https://stackoverflow.com/a/32828629

My issue wasn't with the XMLHttpRequest but rather with trying to load an intranet page in an iframe inside the internet page. The workaround involved chanding my network setup - see https://stackoverflow.com/a/32828629

这篇关于Microsoft Edge 阻止了发送到同一专用网络 CIDR 中的 IP 的跨域请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

上一篇:已启用 CORS,但在 POST JSON 时,预检响应的 HTTP 状态代码 404 无效 下一篇:何时启用 CORS 是安全的?

相关文章