我正在尝试通过加载程序脚本加载 CDN javascript 文件,但出现以下错误。
Access to script at 'https://banner.foo.dev/1.0.0/dist/index.js' from origin 'https://local.foo.com:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.和状态码
307加载脚本
var bannerLoader = document.createElement('script')
bannerLoader.defer = true
bannerLoader.setAttribute('type', 'module')
bannerLoader.setAttribute('id', 'banner-loader')
bannerLoader.setAttribute(
'src',
'https://banner.foo.dev/1.0.0/dist/index.js'
)
document.head.appendChild(bannerLoader)
如果我通过
script<script src="https://banner.foo.dev/1.0.0/dist/index.js" ></script>
我验证了具有
Access-Control-Allow-Orgin:*原点有
custom-csp-headerdefault-src 'self' https://*.foo.com https://*.foo.dev font-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval' 任何线索将不胜感激。