问题描述
我们2011年将 X-Content-Type-Options:nosniff
标题添加到我们的原始URL响应中,作为防止盗链的第一步。这具有强制浏览器根据 Content-Type
标头处理内容的效果。这意味着当我们为文件的原始视图设置 Content-Type:text / plain
时,浏览器将拒绝将该文件视为JavaScript或CSS。
We added the X-Content-Type-Options: nosniff
header to our raw URL responses way back in 2011 as a first step in combating hotlinking. This has the effect of forcing the browser to treat content in accordance with the Content-Type
header. That means that when we set Content-Type: text/plain
for raw views of files, the browser will refuse to treat that file as JavaScript or CSS.
但也有其他选择。 请查看。
But there are alternatives. Check my answer to this question.
我试图将GitHub中的JavaScript文件包含到本地HTML文件中进行测试(例如在Internet上找到的图像:< img src =http:// ...>
)。
我喜欢这样的事情:
I would like something like this:
<script src="https://github.com/[username]/[repository]/blob/master/public/[fileName].js"></script>
问题是这不起作用。我确信这是可能的。
The problem is that this doesn't work. I am sure that this is possible.
我该怎么做?
How can I do this?
推荐答案
您可以通过类似于以下的网址来完成此操作:
You will be able to do it with a URL similar to this:
https://rawgit.com/h5bp/html5-boilerplate/master/src/js/plugins.js
请注意,这与单击GitHub中的原始按钮不同;
该按钮也会给你一个干净的文件版本,但它将被发送
,并带有错误的标题。
Note that this is not the same as clicking on the "raw" button within GitHub;that button will also give you a clean version of the file, but it will be sentwith the wrong headers.
警告字;该文件不是来自GitHub的 。它通过 rawgit.com
域重定向到
。正如所述:
A Word of warning; the file is not not being served from GitHub. It is beingredirected through the rawgit.com
domain. As is stated on https://rawgit.com:
请记住,所有者该域名现在控制流量,
可以按照他们认为合适的方式操纵它。
Keep in mind that the owner of that domain is now in control of the traffic andis able to manipulate it as they see fit.
在制作中使用此网址:
https://cdn.rawgit.com/user/repo/tag/file
这篇关于将GitHub的JavaScript文件包含到HTML页面中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!