为了记录 Javascript 错误,我设置了一个带有 window.onerror 的函数,它触发了一个 ajax 请求并通知我脚本错误。我从子域加载所有静态文件,如果主域之外的文件发生错误,CORS 似乎会因为泄漏而删除信息... https://developer.mozilla.org/en-US/docs/ Web/API/GlobalEventHandlers/onerror#notes
我试图通过像这样设置 Access-Control-Allow-Origin 来解决这个问题:
add_header Access-Control-Allow-Origin https://static.example.com;
但没有成功。
我的子域也带有主域的 Access-Control-Allow-Origin。
文件标题:
Request URL: https://www.example.com/de/kontaktformular.html
Request Method: GET
Status Code: 200
Remote Address: XXX
Referrer Policy: strict-origin-when-cross-origin
access-control-allow-origin: https://static.example.com
cache-control: no-store, no-cache, must-revalidate
content-encoding: br
content-security-policy: ...
content-type: text/html; charset=UTF-8
date: Tue, 10 Aug 2021 10:21:35 GMT
expect-ct: enforce,max-age=30
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
referrer-policy: same-origin
server: nginx
strict-transport-security: max-age=15768000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
:authority: www.example.com
:method: GET
:path: /de/kontaktformular.html
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: de-IT,de;q=0.9,en-US;q=0.8,en;q=0.7,de-DE;q=0.6
cache-control: no-cache
cookie: __Host-PHPSESSID=k2284o6ejliq4t9113bicbv5tr; cookie_alert=1; cart=MjMtLC03OC0sLTF8fDU1LSwtMTI3LSwtMXx8NTUtLC0xMjgtLC0x
pragma: no-cache
referer: https://www.example.com/de/XXX.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"
sec-ch-ua-mobile: ?0
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: same-origin
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
来自子域的 Js 文件的标头:
Request URL: https://static.example.com/jquery_scripts.128.js
Request Method: GET
Status Code: 200
Remote Address: XXX
Referrer Policy: same-origin
access-control-allow-origin: https://www.example.com
cache-control: public, max-age=31536000, s-maxage=31536000
content-encoding: gzip
content-type: text/javascript;charset=UTF-8
date: Tue, 10 Aug 2021 10:21:35 GMT
expires: Wed, 10 Aug 2022 10:21:35 GMT
last-modified: Tue, 10 Aug 2021 09:38:16 GMT
server: nginx
strict-transport-security: max-age=15768000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
:authority: static.example.com
:method: GET
:path: /jquery_scripts.128.js
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: de-IT,de;q=0.9,en-US;q=0.8,en;q=0.7,de-DE;q=0.6
cache-control: no-cache
pragma: no-cache
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"
sec-ch-ua-mobile: ?0
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: same-site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
来自相同的文档: