javascript 使用 jQuery.ajax 请求和 jsonp 进行基本身份验证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3571090/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Basic Authentication with jQuery.ajax request and jsonp
提问by Abel Vita
I have some local html/js files with which I'd like to invoke some remote servers via https and eventually use Basic Authentication for the request.
我有一些本地 html/js 文件,我想通过这些文件通过 https 调用一些远程服务器,并最终对请求使用基本身份验证。
I am encountering two problems. First is that if I don't specify 'jsonp' for the dataType, jQuery.ajax() request returns the error:
我遇到两个问题。首先,如果我没有为 dataType 指定 'jsonp',jQuery.ajax() 请求将返回错误:
Access to restricted URI denied code: 1012
访问受限 URI 被拒绝代码:1012
Are my requests considered cross-domain because my main work file is stored locally, but retrieving data from a server elsewhere?
我的请求是否被视为跨域,因为我的主要工作文件存储在本地,但从别处的服务器检索数据?
So fine, I update the call so it now looks like:
很好,我更新了电话,现在看起来像:
$.ajax({
url: myServerUrl,
type: "GET",
dataType: "jsonp", // considered a cross domain Ajax request if not specified
username: myUsername,
password: myPassword,
success: function(result)
{
// success handling
},
error: function(req, status, errThrown){
// error handling
}
})
Because I need to use Basic Authentication, I'm passing in the username/password but if I monitor the request, I don't see it being set and additionally, the server sends an error response since it doesn't have the expected info.
因为我需要使用基本身份验证,所以我传入了用户名/密码,但是如果我监视请求,我没有看到它被设置,此外,服务器发送错误响应,因为它没有预期的信息.
Additionally, because I have jsonpset, beforeSendwon't get invoked.
另外,因为我已经jsonp设置,beforeSend不会被调用。
How do I pass along the credentials using Basic Authentication for this request?
对于此请求,如何使用基本身份验证传递凭据?
回答by Nick Craver
The short version is you can't do this. Your suspicions are correct, because you're local and these files are remote, you can't access them, you're being blocked by the same-origin policy. The work-around for that is JSONP, but that really doesn't seem to apply to your situation...
简短的版本是你不能这样做。你的怀疑是正确的,因为你是本地的,而这些文件是远程的,你不能访问它们,你被同源策略阻止了。解决方法是JSONP,但这似乎不适用于您的情况......
JSONP works differently, it's a GET request via a <script>tag include to get the file, so you're not sending special headers or anything.
JSONP 的工作方式不同,它是通过<script>标签包含的 GET 请求来获取文件,因此您不会发送特殊的标头或任何内容。
You'll need to proxy the request through the server you're on (the domain of where this script is running) or another proxy option, but going from the client to another domain is blocked, mainly for security reasons.
您需要通过您所在的服务器(运行此脚本的域)或其他代理选项来代理请求,但是从客户端到另一个域的传输被阻止,主要是出于安全原因。
回答by Rui Jiang
Try doing http://user:password@restservice. This mimics a basic-auth request.
尝试做http://user:password@restservice。这模仿了基本身份验证请求。
回答by Matthew Flaschen
I think you'll have to add a server proxy of some sort. JSONP is just a particular way to use a script tag. Thus, it doesn't allow setting arbitrary headers. And of course, you can't do a cross-origin XHR.
我认为您必须添加某种服务器代理。JSONP 只是使用脚本标签的一种特殊方式。因此,它不允许设置任意标题。当然,您不能进行跨域 XHR。
