If the cross-domain jsonp is blocked by CORB, what is the solution?

* recently I have been using vue to copy QQ Music"s web mobile end and using jsonp to request data. Chrome reports the problem of CORB interception when requesting ranking data. The specific URL is

.
https://c.y.qq.com/v8/fcg-bin/fcg_myqq_toplist.fcg?g_tk=5381&uin=704838764&format=json&inCharset=utf-8&outCharset=utf-8&notice=0&platform=h5&needNewCode=1&jsonpCallback=__jp0

* it is known that there is no problem with URL. You can get the data by entering the browser address

.

after checking Response Header"s Content-type as application/x-javascript, in the developer"s tool, I wonder if it has anything to do with this

clipboard.png

ask the bosses if they have any solutions.


jsfiddle


write the link to the script tag src and open it with safari, and you will find that the request returns data in json format, which is not in jsonp format (callback (data))

jsonchrome Cross-Origin Read Blocking (CORB)

:
:format=jsonp
https://c.y.qq.com/v8/fcg-bin...
callbackjsonpCallback = MusicJsonCallback Callback__jp0__jp0(data)
Cross-Origin Read Blocking


https://www.chromium.org/Home...

Cross-Origin Read Blocking (CORB) is a new web platform security feature that helps mitigate the threat of side-channel attacks (including Spectre). It is designed to prevent the browser from delivering certain cross-origin network responses to a web page, when they might contain sensitive information and are not needed for existing web features. For example, it will block a cross-origin text/html response requested from a <script> or tag, replacing it with an empty response instead. This is an important part of the protections included with Site Isolation.


clipboard.png

here QQ Music has specified that only the domain name of other people's qq can use this js. Is to prevent you from directly embezzling.

Why don't you just download the code manually and point to the local address

Menu