Access to image at from origin has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space `local`
A site requested a resource from a network that it could only access because of its users' privileged network position. These requests expose devices and servers to the internet, increasing the risk of a cross-site request forgery (CSRF) attack, and/or information leakage.
To mitigate these risks, Chrome deprecates requests to non-public subresources when initiated from non-secure contexts, and will start blocking them in Chrome 92 (July 2021).
To fix this issue, migrate the website that needs to access local resources to HTTPS. If the target resource is not served on localhost, it must also be served on HTTPS to avoid mixed-content issues.
Administrators can make use of the InsecurePrivateNetworkRequestsAllowed and InsecurePrivateNetworkRequestsAllowedForUrls enterprise policies to temporarily disable this restriction on all or certain websites.
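The rule described above, as an added example that is not from the original page or from Chrome's own code: a simplified JavaScript model that sorts IPv4 addresses into the `public`, `private` and `local` address spaces and reports whether a request made by a page would be blocked. The function names, the IPv4-only classification, the simplified secure-context test and the sample addresses are assumptions made for illustration.

```javascript
// Added example: simplified model of the check described above (IPv4 only).
// All function names and sample addresses are constructed for illustration.
const RANK = { public: 0, private: 1, local: 2 }; // higher = more private

// Classify an IPv4 address into the address spaces named in the error message.
function addressSpace(ip) {
  if (!/^\d{1,3}(\.\d{1,3}){3}$/.test(ip)) throw new Error(`not IPv4: ${ip}`);
  const o = ip.split('.').map(Number);
  if (o.some((n) => n > 255)) throw new Error(`not IPv4: ${ip}`);
  if (o[0] === 127) return 'local'; // loopback
  if (o[0] === 10) return 'private'; // 10.0.0.0/8
  if (o[0] === 172 && o[1] >= 16 && o[1] <= 31) return 'private'; // 172.16.0.0/12
  if (o[0] === 192 && o[1] === 168) return 'private'; // 192.168.0.0/16
  if (o[0] === 169 && o[1] === 254) return 'private'; // link-local
  return 'public';
}

// Simplified secure-context test: HTTPS, or a page served from loopback.
function isSecurePage(pageUrl) {
  const u = new URL(pageUrl);
  return u.protocol === 'https:' || u.hostname === 'localhost' || u.hostname === '127.0.0.1';
}

// Decide whether a subresource request falls under the rule quoted above.
function checkRequest(pageUrl, pageIp, targetIp) {
  const from = addressSpace(pageIp);
  const to = addressSpace(targetIp);
  const morePrivate = RANK[to] > RANK[from];
  if (morePrivate && !isSecurePage(pageUrl)) {
    return { blocked: true, reason: `non-secure ${from} page -> more-private address space '${to}'` };
  }
  return { blocked: false, reason: morePrivate ? 'page is a secure context' : 'target is not more private' };
}

// Constructed cases: [page URL, IP the page was loaded from, IP of the target].
const cases = [
  ['http://app.example.test/', '203.0.113.10', '127.0.0.1'],
  ['https://app.example.test/', '203.0.113.10', '127.0.0.1'],
  ['http://intranet.example.test/', '192.168.1.5', '192.168.1.20'],
  ['http://intranet.example.test/', '192.168.1.5', '127.0.0.1'],
];
for (const c of cases) {
  const r = checkRequest(...c);
  console.log(`${c[0]} -> ${c[2]}: ${r.blocked ? 'BLOCKED' : 'allowed'} (${r.reason})`);
}
```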
CORS cross-origin problem:
After upgrading Google Chrome to the latest version, Chrome 94, the following message appears: Access to XMLHttpRequest at 'http://localhost:xxxx/api' from origin 'http://xxx.xxx.com:xxxx' has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space `local`.
Access to CSS stylesheet at 'https://cdn.jsdelivr.net/npm/luckysheet/dist/assets/iconfont/iconfont.css' from origin 'http://www.abc.com' has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space `local`.
Searching online, the answers all handle this at the nginx layer, for example:
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';