如何修复阻止源为“ https://s3.amazonaws.com”的框架访问跨域框架

编程问答 2022-08-15

问题描述

我已经将SCORM xblock与edx-platform集成在一起,但是我正在尝试启动我的SCORM课程,这使我在chrome控制台中出现了错误。

scormfunctions.js:38 Uncaught DOMException: Blocked a frame with origin "https://s3.amazonaws.com" from accessing a cross-origin frame.
    at ScanForAPI (https://s3.amazonaws.com/dev-ironwood-edx-uploads/scorm/aea0be6310754d3aab1649c5282bbd29/c8d75aa6c54a807e870b6afd4dd9a817aacaccc3/shared/scormfunctions.js:38:16)

当JavaScript函数试图访问父窗口的window.variable,并且浏览器阻止了这种访问以防止点击劫持攻击时,我在上面分享的异常正在提出。

我尝试在StackOverflow和其他论坛上进行搜索,但找不到解决方案。我有主意,我将不得不和Content-Security-Policy一起玩,如果有人可以帮助我指出标头值,我将不胜感激。

解决方法

我遇到了同样的问题,所以我使用了反向 nginx 代理来解决 CORS 问题,正如受人尊敬的 @Tom 所建议的那样。 nginx 的设置:

proxy_cache_path   /tmp/ levels=1:2 keys_zone=s3_cache:10m max_size=500m
                 inactive=60m use_temp_path=off;

server {
listen  80 default;
server_name scorm.loc; #change if needed
charset     utf-8;
root /var/www/site/public; #change if needed

# max upload size
client_max_body_size 75M;   #change if needed

 location /s3/ {       
    proxy_http_version     1.1;     
    proxy_set_header       Connection "";
    proxy_set_header       Authorization '';
    proxy_set_header       Host s3-eu-west-1.amazonaws.com;  #change if needed
    proxy_hide_header      x-amz-id-2;
    proxy_hide_header      x-amz-request-id;
    proxy_hide_header      x-amz-meta-server-side-encryption;
    proxy_hide_header      x-amz-server-side-encryption;
    proxy_hide_header      Set-Cookie;
    proxy_ignore_headers   Set-Cookie;
    proxy_intercept_errors on;
    add_header             Cache-Control max-age=31536000;
    proxy_pass             http://s3-eu-west-1.amazonaws.com/; #change if needed
}


location /s3_cached/ {
    proxy_cache            s3_cache;
    proxy_http_version     1.1;
    proxy_set_header       Connection "";
    proxy_set_header       Authorization '';
    proxy_set_header       Host s3-eu-west-1.amazonaws.com; #change if needed
    proxy_hide_header      x-amz-id-2;
    proxy_hide_header      x-amz-request-id;
    proxy_hide_header      x-amz-meta-server-side-encryption;
    proxy_hide_header      x-amz-server-side-encryption;
    proxy_hide_header      Set-Cookie;
    proxy_ignore_headers   Set-Cookie;
    proxy_cache_revalidate on;
    proxy_intercept_errors on;
    proxy_cache_use_stale  error timeout updating http_500 http_502 http_503 http_504;
    proxy_cache_lock       on;
    proxy_cache_valid      200 304 60m;
    add_header             Cache-Control max-age=31536000;
    add_header             X-Cache-Status $upstream_cache_status;
    proxy_pass             http://s3-eu-west-1.amazonaws.com/;  #change if needed
}
}

来自 S3 存储上现有 SCORM 包的所有静态数据都将在您的域 scorm.loc/s3/your_path/your_filename 中可用。

,

如果您同时控制:LMS-Server 和 Content-server,常见的方法是使用反向代理。

content-security-policydjangoedxscorm

相关问答

matplotlib报错:AttributeError: module 'backend_interagg' has no attribute 'FigureCanvas'. Did you mean: 'FigureCanvasAgg'?
使用本地python环境可以成功执行 import pandas as pd impor...
gitlab登录失败,报错:This challenge page was accidentally cached by an intermediary and is no longer available.
设置时间 控制面板
后端开发常见错误
错误1:Request method ‘DELETE‘ not supported 错误还原:...
docker常见错误
错误1:启动docker镜像时报错:Error response from daemon:...
idea常见错误
错误1:private field ‘xxx‘ is never assigned 按Alt...
pip安装依赖失败
报错如下,通过源不能下载,最后警告pip需升级版本 Requirem...