这人有我难住了。

我有一个Web应用程序，有一个文件上传/下载区。文件被下载在通过一个临时的iframe元素的背景。这是一种单分页AJAX应用程序和用户界面被写入在Javascript，jQuery和使用jQuery.FileDownloader.js来管理的iFrame。该应用程序运行在HTTPS的网站和下载网址在同一个确切的域。后端是一个RESTful应用程序。这几个月真是棒极了。直到今天。

I have a web app that has a file upload/download area. Files are downloaded in the background via a temporary iFrame element. This is a single-paged AJAX application and the UI is written in Javascript, jQuery and uses the jQuery.FileDownloader.js to manage the iFrame. The application runs over HTTPS and the site and download URL are on the same exact domain. The back-end is a RESTful application. This has worked great for months. Until today.

突然，尝试下载一个文件浏览器时，浏览器报告阻止原产 HTTPS的错误： //example.com 访问一个跨域框架。

All of a sudden, when attempting to download a file in Chrome, the browser reports an error of "Blocked a frame with origin https://example.com from accessing a cross-origin frame."

的问题是，在主站点的iframe的起源和是完全相同的域。我已确保的结构域是相同的，以及作为协议。 Chrome是抛出了跨域错误的浏览器。 IE，Firefox，歌剧，Safari浏览器...如预期的所有工作。这是只有在Chrome浏览器，它只是从今天开始。更糟糕的是，没有更新了对浏览器进行。这确实是自发的。我也排除了插件的原因在隐身模式下，在没有被允许通过我的设置要在运行，以及禁用我的防病毒软件。这个问题正在展出其他计算机上，在其他地方（而不是在我们的局域网或子网），所有正在运行的Chrome浏览器。

The problem is that the origin of the main site and that of the iframe are the exact same domain. I have ensured that the domains are the same as well as the protocol. Chrome is the only browser that throws up the cross-origin error. IE, Firefox, Opera, Safari... all work as expected. It's only in Chrome and it's only as of today. To make things worse, no updates were made to the browser. It truly is spontaneous. I've also ruled out plugins as the cause by running in Incognito mode, where none are allowed to run by my settings, as well as disabling my anti-virus software. This problem is being exhibited on other computers, in other locations (not on our LAN or subnet), all running Chrome.

和，再次，在父帧和嵌入iframe的两个域是相同的。这只是发生针对其运行在HTTPS生产服务器。其他非HTTPS网站（如我们的开发环境，本地主机）没有问题。我们的SSL是有效的。由于这是一个分页的AJAX应用程序，我们正在努力，以避免弹出另一个窗口的下载。

And, again, both domains of the parent frame and the embedded iframe are identical. This only happens against the production server which runs over HTTPS. Other non-HTTPS sites (e.g. our dev environment, localhost) don't have the problem. Our SSL is valid. Since this is a single-paged AJAX application, we're trying to avoid popping up another window for the download.

希望有人能提供一些建议。先谢谢了。

Hopefully, someone can offer some advice. Thanks in advance.

更新：经过进一步的研究，我已经找到了解决这一问题的方法是括在双引号的响应头文件名

推荐答案

我已经找到了问题的原因。事实证明，谷歌浏览器有问题，有其名逗号文件。当通过直接链接下载文件，浏览器会报告重复的标题是从服务器报告。这是一个长期存在的问题与Chrome浏览器已经未解决。其他浏览器不容易受到这个问题。不过，这是一个相当简单的问题来解决，事实上，当我搜索这个错误，第一个搜索结果有解决办法：处理来自谷歌浏览器的请求时，删除文件名逗号

I have found the cause of the problem. It turns out that Google Chrome has problems with files that have commas in their filename. When downloading the file via a direct link, Chrome will report that duplicate headers were reported from the server. This has been a long-standing problem with Chrome that has gone un-addressed. Other browsers are not susceptible to this problem. Still, it's a fairly easy problem to troubleshoot and, indeed, when I searched on this error, the first search result had the solution: remove commas from filenames when handling a request from Google Chrome.

不过，这并没有直接的联系，这是一个Ajax请求，这会导致不同的异常。在这种情况下，通过浏览器提供的错误是跨域请求例外，这是什么使得它如此难以解决。

However, this wasn't a direct link, it was an AJAX-request, which results in a different exception. In this case, the error provided by Chrome is the cross-origin request exception and this is what made it so difficult to troubleshoot.

因此​​，TL;博士的这一切是去掉逗号对上载的文件的名称。

So, the tl;dr of it all is to strip out commas in the names of uploaded files.