handsome主题预览文章的问题

根据网页开发人员工具中的报错

from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow

确定是apache2设置跨域的问题，首先使能apache2的头部请求模块

root@73b0c7f2587a:/var/www/html# a2enmod headers.load
Enabling module headers.
To activate the new configuration, you need to run:
  service apache2 restart
root@73b0c7f2587a:/var/www/html# service apache2 restart

其次是修改apache2的配置，修改

/etc/apache2/sites-enabled/000-default.conf

增加

        Header set Access-Control-Allow-Origin *
        Header set Access-Control-Allow-Credentials true
        Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept"

---

如果是使用的nginx搭建的网站，则需要修改配置文件，在location关键字下增加

location / {
        add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
        }

---

然后根据网页开发人员工具中的报错

The document is sandboxed and lacks the 'allow-same-origin' flag.

确定是iframe中的sandbox缺少’allow-same-origin’属性的问题

修改Typecho根目录中的

./admin/write-js.php

文件，修改如下

    function previewData(cid) {
        isFullScreen = $(document.body).hasClass('fullscreen');
        $(document.body).addClass('fullscreen preview');

        var frame = $('<iframe frameborder="0" class="preview-frame preview-loading"></iframe>')
            .attr('src', './preview.php?cid=' + cid)
            .attr('sandbox', 'allow-scripts allow-same-origin')
            .appendTo(document.body);

        frame.load(function () {
            frame.removeClass('preview-loading');
        });

        frame.height($(window).height() - 53);
    }

主要是这一句话

.attr('sandbox', 'allow-scripts allow-same-origin')