Control-Allow-Origin' header is present on the requested resource.`

![image](https://lf6-volc-editor.volccdn.com/obj/volcfe/sop-public/upload_e54b84b0d7418da59f9c260ee75c4b2f.png)

# Problem analysis

The CDN is not configured with the cross-origin header Access-Control-Allow-Origin, so the browser does not handle the response to this request.

# Solution

Add the Access-Control-Allow-Origin cross-origin header for the domain name in the console.

![image](https://portal.volccdn.com/obj/volcfe/cloud-universal-doc...
Access-Control-Allow-Origin: *
Access-Control-Request-Method: GET,POST,PUT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Custom-Heade
Vary: Accept-Encoding

16678xxx127
```

You can see that without the sensitive-information-leak protection rule configured, the request is sent normally with the parameter id=phone, the response code is 200, and the phone number content is returned.

### 2. Enable the sensitive-information-leak protection rule

The configuration is as follows:

![image](https://lf6-volc-editor.volccdn.com/obj/volcfe/s...
```
[~/Test/waf]
└─# curl -i shodan.xxxx.cn/sql/?id=1
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2022 07:42:31 GMT
Content-Type: text/html
Content-Length: 7933
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 31 Oct 2014 19:10:23 GMT
ETag: "1efd-506bcbfada5c0"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Request-Method: GET,POST,PUT
Access-Control-Allow...
```
When a cache node responds to a user request, the origin server's response headers are passed through. By configuring HTTP response headers, you can have the response that the cache node returns when users access resources carry the configured headers, in order to implement certain specific functions.

Applicable scenarios:

- Cache control: supports configuring headers such as Cache-Control and Expires to control whether the client caches the response content and for how long, reducing repeated requests and improving performance.
- Cross-origin resource sharing: supports configuring headers such as Access-Control-Allow-Origin and Access-Control-Allow-Methods to control access for cross-origin requests...
Cross-origin access

- HttpCorsAllowCredentials: whether cross-origin responses return the Access-Control-Allow-Credentials header. The default value is false. Values: true: return the Access-Control-Allow-Credentials header; false: do not return the Acce...
- HttpCorsAllowMethods: methods allowed for cross-origin access, separated by commas. Default value: OPTIONS, HEAD, GET, POST, PUT, DELETE.
- HttpCorsAllowOrigin: origins allowed for cross-origin access, for example http://host:port. Regular expressions are supported.
- Ht...
```
[~]
└─# curl -I http://shodan.xxxx.cn/sql/Less-2/?id=1
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Feb 2022 07:58:41 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.9
Access-Control-Allow-Origin: *
Access-Control-Request-Method: GET,POST,PUT
Access-Control-Allow-Credentials: true
Access-Control-A...
```
For example, it includes ECSFullAccess, VPCFullAccess, IAMFullAccess, and so on.

```json
{ "Statement": [ { "Effect": "Allow", "Action": [ "*" ], "Resource": [... "cloud_trail:Lookup*" ], "Resource": [ "*" ] } ] }
```

IAMReadOnlyAccess: an IAM identity (IAM user, user group, or role) granted this policy obtains access con...
```
[~/Test/waf]
└─# curl -I shodan.xxxx.cn/sql/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2022 08:39:49 GMT
Content-Type: text/html
Content-Length: 7933
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 31 Oct 2014 19:10:23 GMT
ETag: "1efd-506bcbfada5c0"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Request-Method: GET,POST,PUT
Access-Control-Allo...
```