嵌入来自其他服务器的图像 - 为什么它可以在Firefox中运行,但不能在Chrome或IE中运行

时间:2021-12-05 17:06:16

I'm working on a tool that pulls information from a couple of sources - a main server (for data pull), and a voip phone (for screenshot of its screen). Everything seems to be working fine except for one particularly vexing issue; I can't render the screenshot when the page is shown in Chrome and IE. In Firefox, it looks fine.

我正在开发一种工具,可以从几个来源获取信息 - 一个主服务器(用于数据拉取)和一个voip电话(用于其屏幕的屏幕截图)。除了一个特别棘手的问题外,一切似乎都运转正常;当Chrome和IE中显示该页面时,我无法呈现屏幕截图。在Firefox中,它看起来很好。

<table class="phoneScreen;" border='0'>
        <tr><td><table class="phoneScreen" align=center style="width:95%"><tr><td><img src="http://username:password@<?php echo $ip; ?>/CGI/Screenshot" style="width:100%;"></td></tr>

    </table>

This component, http://username:password@ipAddress/CGI/Screenshot, is the main issue. When I put the link in manually, it works. But as part of the web page, it doesn't. The page is rendered through http (not https), so mixed security is not the issue on this page.

这个组件http:// username:password @ ipAddress / CGI / Screenshot是主要问题。当我手动输入链接时,它可以工作。但作为网页的一部分,它没有。该页面通过http(而不是https)呈现,因此混合安全性不是此页面上的问题。

Update: In viewing the page with Google Chrome's console, I get "Failed to load resource: the server responded with a status of 401 (Unauthorized)" when the page tries to pull the image from the screenshot. Unusual since when I copy and past that link in another tab it seems to work.

更新:在使用Google Chrome控制台查看该页面时,当页面尝试从屏幕截图中提取图像时,我收到“无法加载资源:服务器响应状态为401(未授权)”。不寻常,因为当我在另一个标签中复制并通过该链接时,它似乎有效。

1 个解决方案

#1


1  

<img src="username:password@ipAddress/CGI/Screenshot"/>

This feature is not supported by all browsers and it's not safe as username and password are exposed to the client.

所有浏览器都不支持此功能,因为用户名和密码暴露给客户端,所以它不安全。

Other option: <img/> src should be pointing to the same server from where original page is rendered (same origin policy). Get the original image from a different server through server side code using required username and password, send the image back to the client, so that no need to expose username and password to the client.

其他选项:嵌入来自其他服务器的图像 - 为什么它可以在Firefox中运行,但不能在Chrome或IE中运行 src应指向呈现原始页面的同一服务器(相同的源策略)。使用所需的用户名和密码通过服务器端代码从不同的服务器获取原始映像,将映像发送回客户端,这样就不需要向客户端公开用户名和密码。

#1


1  

<img src="username:password@ipAddress/CGI/Screenshot"/>

This feature is not supported by all browsers and it's not safe as username and password are exposed to the client.

所有浏览器都不支持此功能,因为用户名和密码暴露给客户端,所以它不安全。

Other option: <img/> src should be pointing to the same server from where original page is rendered (same origin policy). Get the original image from a different server through server side code using required username and password, send the image back to the client, so that no need to expose username and password to the client.

其他选项:嵌入来自其他服务器的图像 - 为什么它可以在Firefox中运行,但不能在Chrome或IE中运行 src应指向呈现原始页面的同一服务器(相同的源策略)。使用所需的用户名和密码通过服务器端代码从不同的服务器获取原始映像,将映像发送回客户端,这样就不需要向客户端公开用户名和密码。