Yuhang Zheng

handsome主题预览文章的问题

N 人看过

根据网页开发人员工具中的报错

1
from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow

确定是apache2设置跨域的问题,首先使能apache2的头部请求模块

1
2
3
4
5
root@73b0c7f2587a:/var/www/html# a2enmod headers.load
Enabling module headers.
To activate the new configuration, you need to run:
service apache2 restart
root@73b0c7f2587a:/var/www/html# service apache2 restart

其次是修改apache2的配置,修改

1
/etc/apache2/sites-enabled/000-default.conf

增加

1
2
3
Header set Access-Control-Allow-Origin *
Header set Access-Control-Allow-Credentials true
Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept"

如果是使用的nginx搭建的网站,则需要修改配置文件,在location关键字下增加

location / {
        add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
        }

然后根据网页开发人员工具中的报错

1
The document is sandboxed and lacks the 'allow-same-origin' flag.

确定是iframe中的sandbox缺少’allow-same-origin’属性的问题

修改Typecho根目录中的

1
./admin/write-js.php

文件,修改如下

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
function previewData(cid) {
isFullScreen = $(document.body).hasClass('fullscreen');
$(document.body).addClass('fullscreen preview');

var frame = $('<iframe frameborder="0" class="preview-frame preview-loading"></iframe>')
.attr('src', './preview.php?cid=' + cid)
.attr('sandbox', 'allow-scripts allow-same-origin')
.appendTo(document.body);

frame.load(function () {
frame.removeClass('preview-loading');
});

frame.height($(window).height() - 53);
}

主要是这一句话

1
.attr('sandbox', 'allow-scripts allow-same-origin')