javascript Microsoft Edge 阻止跨域请求发送到同一专用网络 CIDR 中的 IP
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/32581503/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Microsoft Edge blocked cross-domain requests sent to IPs in same private network CIDR
提问by Hsiao
$.ajax({
url: "http://10.13.22.150/req_path",
success: function(result){
console.log(result);
}
});
I'd like to send Cross-Domain XMLHttpRequest to ip addresses in the private network. However, the following error is shown in developer tools console:
我想将跨域 XMLHttpRequest 发送到专用网络中的 IP 地址。但是,开发人员工具控制台中显示以下错误:
SCRIPT7002: XMLHttpRequest: Network Error 0x2efd, Could not complete the operation due to error 00002efd.
SCRIPT7002:XMLHttpRequest:网络错误 0x2efd,由于错误 00002efd,无法完成操作。
According to Wireshark, the packet is not sent from client side. I guess the request is blocked by Microsoft Edge Furthermore, I found that the requests are only blocked if the url of XMLHttpRequest and Edge client are in the same CIDR of private network.
根据 Wireshark 的说法,数据包不是从客户端发送的。我猜该请求被 Microsoft Edge 阻止了此外,我发现只有当 XMLHttpRequest 和 Edge 客户端的 url 位于同一个私有网络的 CIDR 中时,请求才会被阻止。
Client IP Request URL Result
192.168.x.x send to 192.168.x.x ->>>>> X
10.13.x.x send to 10.13.x.x ->>>>> X
10.13.x.x send to 192.168.x.x ->>>>> O
Other browsers like IE11 / Chrome / Firefox work just fine. This circumstance is only shown in Microsoft Edge. Is there any workaround or solution about this issue?
其他浏览器如 IE11 / Chrome / Firefox 工作得很好。这种情况仅在 Microsoft Edge 中显示。是否有解决此问题的方法或解决方案?
采纳答案by beluga
From Understanding Enhanced Protected Mode
Private Network resources
Because EPM does not declare the privateNetworkClientServer capability, your Intranet resources are protected from many types of cross-zone attacks (usually called “Cross-Site-Request-Forgery (CSRF)” and “Intranet Port Scanning.”) Internet pages are not able to frame Intranet pages, load images or resources from them, send them CORS XHR requests, etc.
专网资源
由于 EPM 未声明 privateNetworkClientServer 功能,因此您的内网资源可以免受多种类型的跨区域攻击(通常称为“跨站点请求伪造 (CSRF)”和“内网端口扫描”)。Internet 页面无法构建 Intranet 页面,从中加载图像或资源,向它们发送 CORS XHR 请求等。
All of the above seems to apply to MS Edge. The only thing Edge is lacking (at least at this point, v20.10240) is the security zone settings.
以上所有似乎都适用于 MS Edge。Edge 唯一缺少的东西(至少在这一点上是 v20.10240)是安全区域设置。
My issue wasn't with the XMLHttpRequest but rather with trying to load an intranet page in an iframe inside the internet page. The workaround involved chanding my network setup - see https://stackoverflow.com/a/32828629
我的问题不在于 XMLHttpRequest,而在于尝试在 Internet 页面内的 iframe 中加载 Intranet 页面。解决方法涉及更改我的网络设置 - 请参阅https://stackoverflow.com/a/32828629
