jQuery跨域请求
jQuery跨域请求
提问于 2014-07-10 20:06:35
我想让一个跨域的请求开始工作。有关守则如下:
var promise = $.ajax({
type: 'GET',
url: registerUrl,
dataType: 'json',
cache: false,
crossDomain: true,
xhrFields: { withCredentials: true },
contentType: 'application/json'
});我控制呼叫和接收服务器,这是我得到的响应:
原始请求(Fiddler提供):
OPTIONS http://localhost:5080/mportal/registerChat?gsid=abcde&ul=100,200&_=1405022169353 HTTP/1.1
Host: localhost:5080
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://localhost:53054
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Connection: keep-alive原始答复:
HTTP/1.1 200 OK
Date: Thu, 10 Jul 2014 19:56:11 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Content-Length: 0
Server: Jetty(8.1.4.v20120524)现在,我的理解是,这次飞行前的Allow-Origin: *应该足够火狐/ Chrome让请求继续。奇怪的是,IE没有为这个请求做任何预飞,而且它可以工作(尽管发出警告说它不符合CORS规范)。
我是不是漏掉了什么?我已经尝试在我能想到的ajax请求上设置每个值,并且服务器看起来是用对选项请求的适当响应来响应的。
来自firefox的特定错误消息:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:5080/mportal/registerChat?gsid=abcde&ul=100,200&_=1405022169353. This can be fixed by moving the resource to the same domain or enabling CORS.我做错了什么?有什么可以改变来解决这个问题呢?
编辑:新的请求/响应字段:
OPTIONS http://localhost:5080/mportal/registerChat?gsid=abcde&ul=100,200&_=1405026511996 HTTP/1.1
Host: localhost:5080
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://localhost:53054
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Connection: keep-alive响应:
HTTP/1.1 200 OK
Date: Thu, 10 Jul 2014 21:08:38 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Credentials: true
Content-Length: 0
Server: Jetty(8.1.4.v20120524)现在,fiddler还记录了实际的请求:
GET http://localhost:5080/mportal/registerChat?gsid=abcde&ul=100,200&_=1405026511996 HTTP/1.1
Host: localhost:5080
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json
Referer: http://localhost:53054/
Origin: http://localhost:53054
Connection: keep-alive以及答复:
HTTP/1.1 200 OK
Date: Thu, 10 Jul 2014 21:08:38 GMT
Content-Type: application/json;charset=ISO-8859-1
Content-Length: 175
Server: Jetty(8.1.4.v20120524)
{"status":true,"host":"<myServerName>","port":1935,"liveHost":"<myServerName>","livePort":5080,"gsid":"abcde","connCount":2,"maxConns":25000,"version":"1.0"}但是,firefox似乎阻止了请求,因此ajax调用总是击中我的失败处理程序。这似乎很奇怪..。
回答 2
Stack Overflow用户
回答已采纳
发布于 2014-07-10 20:31:37
看起来,您的请求请求发送内容类型请求头的权限,并且它需要发送凭据的权限。
据我所知,您的请求头似乎是正确的。但是,您的响应应该包含另外两个标题:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:content-type下面是一个来自我工作过的另一个站点的飞行前请求的示例,以及飞行前的响应:
以下是飞行前选项请求头
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:accept, applicationname
Access-Control-Request-Method:GET
Cache-Control:no-cache
Connection:keep-alive
Cookie:*sanitized cookie data*
Host:sanitized.domain.com
Origin:https://sanitized.domain.com
Pragma:no-cache
Referer:https://sanitized.domain.com/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36随后,以下是飞行前响应头:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:applicationname
Access-Control-Allow-Origin:https://sanitized.domain.com
Cache-Control:no-cache
Connection:keep-alive
Content-Length:0
Date:Thu, 10 Jul 2014 20:19:25 GMT
Expires:-1
Pragma:no-cache
Server:Microsoft-IIS/8.0
X-AspNet-Version:4.0.30319
X-Powered-By:ASP.NET请注意访问控制允许凭据和访问控制允许标头的添加.还要注意我的请求在访问控制请求头中发送了“接受”,并且响应没有包含“接受”。这是因为“接受”被认为是一个简单的标题,如这里所定义的:http://www.w3.org/TR/cors/#simple-header。此外,仅当内容类型的值为下列之一时,它才可被限定为一个简单的标题:
- 文本/纯文本
- 多部分/表格-数据
- 应用程序/x-www-表单-urlencoded
在您的情况下,由于内容类型是application/json,您需要一个包含“内容类型”的响应头,如上面所示。
更新:在预置请求之后发生的请求和响应应该包含相同的CORS头,以防止浏览器拒绝请求和/或响应。至少,您希望响应包含访问控制-允许-凭据和访问控制-允许-原产地标头。
Stack Overflow用户
发布于 2014-07-10 20:10:53
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/24685330
复制相关文章
相似问题
腾讯云开发者
