文件 URL “不允许加载本地资源"在 Internet 浏览器中
我有一个重要的脑筋急转弯.
我想用经典的 ASP 打开一个文件.我正在使用各种变量,因为事情可能会改变,但结果是正确的.我知道这一点是因为我已经通过复制链接地址并将其放在我的 URL 中来测试结果.现在的问题是:如果我点击我的链接,它不会做任何事情.不是刷新,不是重定向.没有什么.有谁知道我做错了什么?
好的,这就是交易.我的文件并不总是本地的,这取决于我所处的环境.如果我复制粘贴我的网址的结果,它会下载.如果我单击我的 URL,它不会响应.有任何想法吗?浏览器问题?(虽然我已经测试了 5 个浏览器)还是别的什么?我真的被困在这里,互联网似乎不在我这边.
我有 3 个环境.这里下面的变量是为了使链接有效.我知道该链接有效,因为我已经通过复制对其进行了测试.是的,它确实以 file:/// 开头,是的,我确定链接是正确的.
这是我的代码行:
response.write("<td class='tab_kolom2'><a href='"&rootRs("pre_rootpad")&rootRs("rootpad_protocollen")&""&overzichtRs("Formuliernr")&"Uitvoeringsoverzicht.xls' target='_blank' 下载>点击这里</a></td>")<小时>
带有错误/链接结果的屏幕截图
解决方案现在我们知道实际的错误是什么,可以制定答案了.
<块引用>不允许加载本地资源
是 Chrome 和其他现代浏览器中内置的安全异常.措辞可能不同,但在某种程度上,它们都有安全例外来处理这种情况.
过去您可以覆盖某些设置或应用某些标志,例如
<上一页>--disable-web-security --allow-file-access-from-files --allow-file-access在 Chrome 中(参见 https://stackoverflow.com/a/22027002/692942)
<块引用>它的存在是有原因的
尽管在这一点上值得指出,这些安全异常的存在是有充分理由的,试图规避它们并不是最好的主意.
还有一种方法
由于您已经可以访问 Classic ASP,因此您始终可以构建一个为基于网络的文件提供服务的中间页面.您可以结合使用 ADODB.Stream 对象和 Response.BinaryWrite() 方法来执行此操作.这样做可确保您的网络文件位置永远不会暴露给客户端,并且由于脚本的灵活性,它可用于从多个位置和多种文件类型加载资源.
这是一个基本示例(getfile.asp"):
<%选项显式Dim s, id, bin, file, 文件名, mimeid = Request.QueryString(id")'id 可以是任何东西,只需将其用作识别'文件返回.这可能是一个像这样的简单案例陈述'甚至从数据库中提取.选择案例编号案例TESTFILE1"'文件、mime 和文件名无论如何都可以建立'必须进行硬编码.文件 = \servershareProjectenProtocollen346Uitvoeringsoverzicht.xls"mime =应用程序/vnd.ms-excel";'下载资源时要显示的文件名.文件名=Uitvoeringsoverzicht.xls";'假设其他文件案件 ...结束选择如果 Len(file & ">)0 然后设置 s = Server.CreateObject("ADODB.Stream")s.Type = adTypeBinary 'adTypeBinary = 1 见有用的链接"调用 s.Open()调用 s.LoadFromFile(file)bin = s.Read()'清理流并释放内存调用 s.Close()设置 s = 无'根据 mime 变量设置内容类型头Response.ContentType = mime'控制如何使用'内容处置 HTTP 标头.使用附件"强制资源'在内联"时提示客户端下载允许资源'下载并在客户端显示(用于返回图片'作为'src'一个<img>标签).调用 Response.AddHeader("Content-Disposition", "attachment;filename="; & filename)调用 Response.BinaryWrite(bin)别的'如果没有文件,则返回 404.Response.Status = 404 Not Found"万一%>这个例子是伪编码的,因此未经测试.
然后可以像这样在 <a> 中使用这个脚本来返回资源;
<a href="/getfile.asp?id=TESTFILE1">点击这里</a>可以进一步采用这种方法并考虑(尤其是对于较大的文件)使用Response.IsConnected分块读取文件以检查客户端是否仍然存在并且s.EOS 属性用于在读取块时检查流的结尾.您还可以添加到查询字符串参数以设置是否希望文件返回内联或提示下载.
有用的链接
使用
METADATA导入 DLL 常量 - 如果您无法识别adTypeBinary,总是比硬编码1更好.Content-Disposition:inline"和attachment"有什么区别? - 有用信息关于
Content-Disposition在客户端上的行为方式.
I've got a major brainteaser.
I want to open a file in classic ASP. I'm using various variables because things can change but the outcome is correct. I know this because I've tested the outcome by copying the linkadress and placing it in my URL. Now the problem: If I click my link it doesn't do anything. Not a refresh, not a redirect. nothing. Does anyone know what I did wrong?
Ok here's the deal. My file isn't always local, it depends on what environment I'm on. If I copy-paste the outcome of my url it does download. If I click my URL it doesn't respond. Any ideas? Browser problem? (although I've tested 5 browsers) Or anything else? I'm really stuck here and the internet does not seem to be on my side.
I've got 3 environments. The variables underneath here are so that the link works. I know the link works because I've tested it by copying. And yes, it does begin with file:/// and yes I'm sure the link is right.
Here's my line of code:
response.write("<td class='tab_kolom2'><a href='"&rootRs("pre_rootpad")&rootRs("rootpad_protocollen")&""&overzichtRs("Formuliernr")&"Uitvoeringsoverzicht.xls' target='_blank' download>Click here</a></td>")
EDIT: Screenshot with error/outcome of link
解决方案Now we know what the actual error is can formulate an answer.
Not allowed to load local resource
is a Security exception built into Chrome and other modern browsers. The wording may be different but in some way shape or form they all have security exceptions in place to deal with this scenario.
In the past you could override certain settings or apply certain flags such as
--disable-web-security --allow-file-access-from-files --allow-file-access
in Chrome (See https://stackoverflow.com/a/22027002/692942)
It's there for a reason
At this point though it's worth pointing out that these security exceptions exist for good reason and trying to circumvent them isn't the best idea.
There is another way
As you have access to Classic ASP already you could always build a intermediary page that serves the network based files. You do this using a combination of the ADODB.Stream object and the Response.BinaryWrite() method. Doing this ensures your network file locations are never exposed to the client and due to the flexibility of the script it can be used to load resources from multiple locations and multiple file types.
Here is a basic example ("getfile.asp"):
<%
Option Explicit
Dim s, id, bin, file, filename, mime
id = Request.QueryString("id")
'id can be anything just use it as a key to identify the
'file to return. It could be a simple Case statement like this
'or even pulled from a database.
Select Case id
Case "TESTFILE1"
'The file, mime and filename can be built-up anyway they don't
'have to be hard coded.
file = "\servershareProjectenProtocollen346Uitvoeringsoverzicht.xls"
mime = "application/vnd.ms-excel"
'Filename you want to display when downloading the resource.
filename = "Uitvoeringsoverzicht.xls"
'Assuming other files
Case ...
End Select
If Len(file & "") > 0 Then
Set s = Server.CreateObject("ADODB.Stream")
s.Type = adTypeBinary 'adTypeBinary = 1 See "Useful Links"
Call s.Open()
Call s.LoadFromFile(file)
bin = s.Read()
'Clean-up the stream and free memory
Call s.Close()
Set s = Nothing
'Set content type header based on mime variable
Response.ContentType = mime
'Control how the content is returned using the
'Content-Disposition HTTP Header. Using "attachment" forces the resource
'to prompt the client to download while "inline" allows the resource to
'download and display in the client (useful for returning images
'as the "src" of a <img> tag).
Call Response.AddHeader("Content-Disposition", "attachment;filename=" & filename)
Call Response.BinaryWrite(bin)
Else
'Return a 404 if there's no file.
Response.Status = "404 Not Found"
End If
%>
This example is pseudo coded and as such is untested.
This script can then be used in <a> like this to return the resource;
<a href="/getfile.asp?id=TESTFILE1">Click Here</a>
The could take this approach further and consider (especially for larger files) reading the file in chunks using Response.IsConnected to check whether the client is still there and s.EOS property to check for the end of the stream while the chunks are being read. You could also add to the querystring parameters to set whether you want the file to return in-line or prompt to be downloaded.
Useful Links
Using
METADATAto Import DLL Constants - If you are having trouble gettingadTypeBinaryto be recongnised, always better then just hard coding1.Content-Disposition:What are the differences between "inline" and "attachment"? - Useful information about how
Content-Dispositionbehaves on the client.
相关文章