Understanding CORS on UPnP/DLNA browsing

旧时模样 提交于 2020-01-07 08:14:36

问题


I've been playing around with home-grown UPNP/DLNA Browsing.

What I manage to do is a shell script based approach using curl to query the Server and xsl processing to make html pages out of the answers.

Next I thought I could build all this into javascript/kind of interactive browser page. But now I hit the CORS issue as the requests are preflighted by the browser (they are not preflighted when using curl and the server speaks no CORS, just UPnP). Some simplest code trying to get the root of the upnp tree:...

<html>
<head>
<script language="javascript">
function newx() {
    var h = new XMLHttpRequest();
    h.open("POST", "http://hcds6106:50001/ContentDirectory/control", true);

    h.onreadystatechange = processme;

    h.setRequestHeader("SOAPACTION",'"urn:schemas-upnp-org:service:ContentDirectory:1#Browse"');

    h.setRequestHeader("Content-Type", "text/xml; charset='utf-8'");

    h.send('<?xml version="1.0" encoding="utf-8"?><s:Envelope xmlns:ns0="urn:schemas-upnp-org:service:ContentDirectory:1" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><ns0:Browse><ObjectID></ObjectID><BrowseFlag>BrowseDirectChildren</BrowseFlag><Filter>*</Filter><StartingIndex>0</StartingIndex><RequestedCount>0</RequestedCount><SortCriteria /></ns0:Browse></s:Body></s:Envelope>');
}

function processme()
{
    alert(this.status);
}
</script>
</head>
<body onload="newx();"/>
</html>

Clearly the browser (Firefox 47.0) hits

Cross-Origin Request Blocked: The Same Origin Policy disallows reading 
the remote resource at http://hcds6106:50001/ContentDirectory/control.
 (Reason: CORS header 'Access-Control-Allow-Origin' missing).

Is there any reasonable way I can tell my browser to skip the CORS stuff in this case because the server was not made for it? For Firefox or any other common UserAgent? I can't believe it can be so simple without a browser and close to impossible to get it interactive inside browser.... TIA!


回答1:


Is there any reasonable way I can tell my browser to skip the CORS stuff in this case because the server was not made for it?

No.

If it was possible, then I could tell the browsers of visitors to my website to skip the CORS stuff and let me read their data from their online banking and webmail services as well as their company intranet.



来源:https://stackoverflow.com/questions/38946536/understanding-cors-on-upnp-dlna-browsing

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!