When testing a cross-domain interface call in Google Chrome, the following error is reported:
Access to XMLHttpRequest at 'http://192.168.50.227:9200/' from origin 'http://www.xxx.com' has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space `private`.
Solution
Enter the following in the browser navigation bar:
Find the "Block insecure private network requests" flag, set it to Disabled, and restart your browser.
Prevents non-secure contexts from making sub-resource requests to more-private IP addresses. An IP address IP1 is more private than IP2 if 1) IP1 is localhost and IP2 is not, or 2) IP1 is private and IP2 is public. This is a first step towards full enforcement of CORS-RFC1918: https://wicg.github.io/cors-rfc1918 – Mac, Windows, Linux, Chrome OS, Android
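The "more private" comparison from the flag description, modelled as an added example (not code from the original post or from Chrome). It is IPv4-only, treats only the RFC 1918 ranges as private, and uses hypothetical function names; 203.0.113.10 is a constructed stand-in for the public server behind http://www.xxx.com.

```javascript
// Rank of each address space: a higher rank means "more private".
const RANK = { public: 0, private: 1, local: 2 };

// Parse a dotted-quad IPv4 string into an unsigned integer; throw on bad input.
function ipv4ToInt(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4) throw new Error(`not an IPv4 address: ${ip}`);
  return parts.reduce((acc, p) => {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) throw new Error(`bad octet in ${ip}`);
    return acc * 256 + Number(p);
  }, 0);
}

// True when ip falls inside base/prefixLen.
function inCidr(ip, base, prefixLen) {
  const size = 2 ** (32 - prefixLen);
  return Math.floor(ipv4ToInt(ip) / size) === Math.floor(ipv4ToInt(base) / size);
}

// Classify an address as local (loopback), private (RFC 1918) or public.
function addressSpace(ip) {
  if (inCidr(ip, "127.0.0.0", 8)) return "local";
  const rfc1918 = [["10.0.0.0", 8], ["172.16.0.0", 12], ["192.168.0.0", 16]];
  if (rfc1918.some(([base, len]) => inCidr(ip, base, len))) return "private";
  return "public";
}

// IP1 is more private than IP2: localhost vs. anything else, or private vs. public.
function isMorePrivate(ip1, ip2) {
  return RANK[addressSpace(ip1)] > RANK[addressSpace(ip2)];
}

// The rule as the flag describes it: only non-secure contexts are blocked,
// and only when the target is in a more private address space than the page.
function wouldBlock({ pageIp, pageIsSecureContext, targetIp }) {
  return !pageIsSecureContext && isMorePrivate(targetIp, pageIp);
}

// Constructed case mirroring the error above: an http:// page served from a
// public address requests 192.168.50.227 on the LAN.
console.log(wouldBlock({
  pageIp: "203.0.113.10", pageIsSecureContext: false, targetIp: "192.168.50.227",
}));
```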
My own understanding: Google Chrome probably does this for security reasons, to prevent external websites from directly scanning the hosts on the LAN. If some servers on the LAN run services that are vulnerable and allow cross-domain access, external websites could attack those vulnerable services on the LAN through the vulnerabilities.