From da78a9e329e272dedb2400b79a3bdeebff387d47 Mon Sep 17 00:00:00 2001 From: Peter Bengtsson Date: Tue, 8 Dec 2020 14:42:17 -0500 Subject: initial commit --- .../http/cors/errors/corsdidnotsucceed/index.html | 22 +++++++ .../http/cors/errors/corsrequestnothttp/index.html | 43 ++++++++++++ files/ko/web/http/cors/errors/index.html | 76 ++++++++++++++++++++++ 3 files changed, 141 insertions(+) create mode 100644 files/ko/web/http/cors/errors/corsdidnotsucceed/index.html create mode 100644 files/ko/web/http/cors/errors/corsrequestnothttp/index.html create mode 100644 files/ko/web/http/cors/errors/index.html (limited to 'files/ko/web/http/cors/errors') diff --git a/files/ko/web/http/cors/errors/corsdidnotsucceed/index.html b/files/ko/web/http/cors/errors/corsdidnotsucceed/index.html new file mode 100644 index 0000000000..4cb694d0d5 --- /dev/null +++ b/files/ko/web/http/cors/errors/corsdidnotsucceed/index.html @@ -0,0 +1,22 @@ +--- +title: 'Reason: CORS request did not succeed' +slug: Web/HTTP/CORS/Errors/CORSDidNotSucceed +translation_of: Web/HTTP/CORS/Errors/CORSDidNotSucceed +--- +
{{HTTPSidebar}}
+ +

원인

+ +
원인: CORS 요청이 성공하지 못했습니다.
+ +

무엇이 문제인가요?

+ +

네트워크 또는 프로토콜 수준에서 HTTP 연결이 실패했기 때문에 CORS를 사용하는  {{Glossary("HTTP")}} 요청이 실패했습니다. 이 에러는 근본적인 네트워크 에러이거나 그에 준하는 에러로 CORS와 직접적인 연관이 있는 것은 아닙니다.

+ +

더 보기

+ + diff --git a/files/ko/web/http/cors/errors/corsrequestnothttp/index.html b/files/ko/web/http/cors/errors/corsrequestnothttp/index.html new file mode 100644 index 0000000000..9c583d82fa --- /dev/null +++ b/files/ko/web/http/cors/errors/corsrequestnothttp/index.html @@ -0,0 +1,43 @@ +--- +title: 'Reason: CORS request not HTTP' +slug: Web/HTTP/CORS/Errors/CORSRequestNotHttp +tags: + - CORS + - CORSRequestNotHttp + - HTTP + - HTTPS + - 메시지 + - 문제해결 + - 보안 + - 에러 + - 이유 + - 콘솔 + - 크로스 오리진 +translation_of: Web/HTTP/CORS/Errors/CORSRequestNotHttp +--- +
{{HTTPSidebar}}
+ +

이유

+ +
Reason: CORS request not HTTP
+ +

무엇이 잘못되었는가?

+ +

{{Glossary("CORS")}} 요청은 오직 HTTPS URL 스키마만을 사용할 수 있지만 요청에 의해 지정된 URL은 다른 타입이다. 이는 URL이 file:/// URL을 사용해 로컬 파일을 지정할 경우 종종 발생한다.

+ +

이 문제를 해결하려면, {{domxref("XMLHttpRequest")}}, Fetch APIs, 웹 폰트 (@font-face), WebGL textures, XSL 스타일시트와 같은 CORS를 포함하는 요청이 발생할 때 HTTPS URL을 사용하고 있는지 확인하도록 한다.

+ +

Firefox 68에서의 로컬 파일 보안

+ +

Firefox 67 이전 버전에서 file:/// URI를 사용하는 페이지를 열때 페이지의 오리진은 페이지가 열린 디렉토리로 정의된다. 동일한 디렉토리와 그 하위 디렉토리의 리소스들은 CORS 동일-오리진 규칙의 목적을 위한 동일 오리진을 갖는 것으로 처리된다.

+ +

CVE-2019-11730에 대한 응답으로, Firefox 68 이후 버전에서는 file:/// URI를 사용해 열린 페이지의 오리진은 유니크한 것으로 정의된다. 그러므로, 동일 디렉토리나 그 하위 디렉토리의 다른 리소스들은 더 이상 CORS 동일-오리진 규칙을 충족하지 않는다. 이는 privacy.file_unique_origin 구성을 사용하여 기본으로 활성화되는 새로운 동작이다.

+ +

함께 보기

+ + diff --git a/files/ko/web/http/cors/errors/index.html b/files/ko/web/http/cors/errors/index.html new file mode 100644 index 0000000000..d1dd12dc75 --- /dev/null +++ b/files/ko/web/http/cors/errors/index.html @@ -0,0 +1,76 @@ +--- +title: CORS errors +slug: Web/HTTP/CORS/Errors +tags: + - CORS + - Errors + - HTTP + - HTTPS + - Messages + - NeedsTranslation + - Same-origin + - Security + - TopicStub + - console + - troubleshooting +translation_of: Web/HTTP/CORS/Errors +--- +
{{HTTPSidebar}}
+ +

Cross-Origin Resource Sharing ({{Glossary("CORS")}}) is a standard that allows a server to relax the same-origin policy. This is used to explicitly allow some cross-origin requests while rejecting others. For example, if a site offers an embeddable service, it may be necessary to relax certain restrictions. Setting up such a CORS configuration isn't necessarily easy and may present some challenges. In these pages, we'll look into some common CORS error messages and how to resolve them.

+ +

If the CORS configuration isn't setup correctly, the browser console will present an error like "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at $somesite" indicating that the request was blocked due to violating the CORS security rules. This might not necessarily be a set-up mistake, though. It's possible that the request is in fact intentionally being disallowed by the user's web application and remote external service. However, If the endpoint is meant to be available, some debugging is needed to succeed.

+ +

Identifying the issue

+ +

To understand the underlying issue with the CORS configuration, you need to find out which request is at fault and why. These steps may help you do so:

+ +
    +
  1. Navigate to the web site or web app in question and open the Developer Tools.
    2. +
  2. Now try to reproduce the failing transaction and check the console if you are seeing a CORS violation error message. It will probably look like this:
    3. +
+ +

Firefox console showing CORS error

+ +

The text of the error message will be something similar to the following:

+ +
Cross-Origin Request Blocked: The Same Origin Policy disallows
+reading the remote resource at https://some-url-here. (Reason:
+additional information here).
+ +
+

Note: For security reasons, specifics about what went wrong with a CORS request are not available to JavaScript code. All the code knows is that an error occurred. The only way to determine what specifically went wrong is to look at the browser's console for details.

+
+ +

CORS error messages

+ +

Firefox's console displays messages in its console when requests fail due to CORS. Part of the error text is a "reason" message that provides added insight into what went wrong.  The reason messages are listed below; click the message to open an article explaining the error in more detail and offering possible solutions.

+ + + +

See also

+ + -- cgit v1.2.3-54-g00ecf