為了記錄 Javascript 錯誤,我使用 window.onerror 設定了一個函數,它會觸發 ajax 請求並通知我有關腳本錯誤的資訊。我從子網域加載所有靜態文件,如果主網域之外的文件發生錯誤,CORS 似乎會因為洩漏而刪除資訊... https://developer.mozilla.org/en-US/docs/Web/API/GlobalEventHandlers/onerror#notes
我嘗試透過設定 Access-Control-Allow-Origin 來解決該問題:
add_header Access-Control-Allow-Origin https://static.example.com;
但沒有成功。
我的子網域也帶有主網域的 Access-Control-Allow-Origin 。
文件標題:
Request URL: https://www.example.com/de/kontaktformular.html
Request Method: GET
Status Code: 200
Remote Address: XXX
Referrer Policy: strict-origin-when-cross-origin
access-control-allow-origin: https://static.example.com
cache-control: no-store, no-cache, must-revalidate
content-encoding: br
content-security-policy: ...
content-type: text/html; charset=UTF-8
date: Tue, 10 Aug 2021 10:21:35 GMT
expect-ct: enforce,max-age=30
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
referrer-policy: same-origin
server: nginx
strict-transport-security: max-age=15768000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
:authority: www.example.com
:method: GET
:path: /de/kontaktformular.html
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: de-IT,de;q=0.9,en-US;q=0.8,en;q=0.7,de-DE;q=0.6
cache-control: no-cache
cookie: __Host-PHPSESSID=k2284o6ejliq4t9113bicbv5tr; cookie_alert=1; cart=MjMtLC03OC0sLTF8fDU1LSwtMTI3LSwtMXx8NTUtLC0xMjgtLC0x
pragma: no-cache
referer: https://www.example.com/de/XXX.html
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"
sec-ch-ua-mobile: ?0
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: same-origin
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
來自子網域的Js檔案頭:
Request URL: https://static.example.com/jquery_scripts.128.js
Request Method: GET
Status Code: 200
Remote Address: XXX
Referrer Policy: same-origin
access-control-allow-origin: https://www.example.com
cache-control: public, max-age=31536000, s-maxage=31536000
content-encoding: gzip
content-type: text/javascript;charset=UTF-8
date: Tue, 10 Aug 2021 10:21:35 GMT
expires: Wed, 10 Aug 2022 10:21:35 GMT
last-modified: Tue, 10 Aug 2021 09:38:16 GMT
server: nginx
strict-transport-security: max-age=15768000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
:authority: static.example.com
:method: GET
:path: /jquery_scripts.128.js
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: de-IT,de;q=0.9,en-US;q=0.8,en;q=0.7,de-DE;q=0.6
cache-control: no-cache
pragma: no-cache
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"
sec-ch-ua-mobile: ?0
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: same-site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36