Chrome可以使用到73版.现在,它向我抛出了CORB警告,并阻止了我的chrome扩展程序运行.
$.ajax({
url: this.url + "api/users",type: 'get',data: { account_id: this.account_id(),user_id: this.user_id(),person_id: person_id },success: function (data) {
//do stuff
}
});
我确实注意到,如果删除x-content-type-options标头,使其不再读取“ nosniff”,我可以得到一些Ajax请求,但不能返回其他请求.不知道这是否意味着什么,但我注意到返回数组的json请求有效,而其他请求则无效.
remove_keys = %w(X-Content-Type-Options)
response.headers.delete_if{|key| remove_keys.include? key}
[{'id' : '123'}] <-worked
{'id' : '123'} <- did not work (not sure if means anything)
chrome完全错误
Cross-Origin Read Blocking (CORB) blocked cross-origin response https://ideas.test/api/users?token=W9BDdoiKcXLWSHXWySnwdCV69jz2y&account_id=3098355&user_id=john%40gmail.com&person_id=21046915&sync=false&new=true with MIME type application/json. See https://www.chromestatus.com/feature/5629709824032768 for more details.
响应头
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: x-auth_token
Access-Control-Allow-Methods: GET,POST,PUT,PATCH,DELETE,OPTIONS,HEAD
Access-Control-Allow-Origin: chrome-extension://mhikhjencpecbhelhjgdcgpdhlhdlhjh
Access-Control-Expose-Headers:
Access-Control-Max-Age: 1728000
请求标题
Provisional headers are shown
Accept: */*
Origin: chrome-extension://mhikhjencpecbhelhjgdcgpdhlhdlhjh
Referer: https://3.basecamp.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6)
AppleWebKit/537.36 (KHTML,like Gecko) Chrome/73.0.3683.75 Safari/537.36
我如何在没有铬因CORB去除主体的情况下返回响应主体?
最佳答案
看起来您正在将CORS标头放入请求中.您需要将它们放入响应中.