javascript jqXHR - http-status-code-403(但状态码为 0)

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/5661813/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-10-25 17:57:13  来源:igfitidea点击:

jqXHR - http-status-code-403 (but the statuscode is 0)

javascriptjqueryxmlhttprequesthttp-status-code-403

提问by Peter

i get the statuscode 0 ... but it is the code 403. Can someone tell me what the problem is?

我得到状态码 0 ...但它是代码 403。有人能告诉我问题是什么吗?

JQUERY

查询

  var jqxhr = $.ajax({
        url: 'http://gdata.youtube.com/feeds/api/users/bernd/favorites?alt=json',
        dataType: 'json'
    }).success(function(xhr) {
        alert(xhr.status);
    }).error(function(xhr) {
        alert(xhr.status);
        return false;
    })

DEMO-> http://jsfiddle.net/QFuBr/

演示-> http://jsfiddle.net/QFuBr/

Thanks in advance!
Peter

提前致谢!
彼得

回答by lonesomeday

The server gives a 403 error to a browser, because you don't have permission to access the resource, because of the error message reported ("Favorites of requested user are not public.").

服务器向浏览器提供 403 错误,因为您无权访问该资源,因为报告了错误消息(“请求的用户的收藏夹不公开。”)。

However, the server doesn't even getthe request in the jsFiddle example.

但是,服务器甚至没有收到jsFiddle 示例中的请求。

You aren't allowed to make cross-browser AJAX requests. This is called the same-origin policy. It is for security reasons, to prevent malicious coders from doing unpleasant things without your knowledge. It's a blunt tool, but an effective one.

不允许进行跨浏览器的 AJAX 请求。这称为同源策略。这是出于安全原因,以防止恶意编码人员在您不知情的情况下做令人不快的事情。这是一种生硬的工具,但却是一种有效的工具。

When you don't even get as far as sending a request to the server, there is no status code. This gets reported by the XMLHTTPRequest object (and its jqXHR wrapper) as 0.

当您甚至没有向服务器发送请求时,就没有状态代码。这被 XMLHTTPRequest 对象(及其 jqXHR 包装器)报告为0.

Basically, you can't do what you're trying to do in the browser.

基本上,您无法在浏览器中执行您尝试执行的操作。

If you need the browser to access data like this asynchronously, you'll need to write a wrapper on your server to fetch the information from the remote server and feed it to the browser. There is a workaround (it's called JSONP – JSON with Padding) but I don't believe YouTube supports it.

如果您需要浏览器像这样异步访问数据,则需要在服务器上编写一个包装器以从远程服务器获取信息并将其提供给浏览器。有一种解决方法(称为 JSONP – 带填充的 JSON),但我认为 YouTube 不支持它。



Edit: Per gradbot's answer, it is possible to do a JSONP request by changing your code to set dataTypeto jsonp.

编辑:根据gradbot 的回答,可以通过将代码更改为设置dataType来执行 JSONP 请求jsonp

However, you won't now be able to use xhr.status. This is because JSONP does not use the XHR object, so there is no status available to check.

但是,您现在将无法使用xhr.status. 这是因为 JSONP 不使用 XHR 对象,因此没有可检查的状态。

Here's a working example using the feed gradbot suggested. Note that the result object is passed to the handler, rather than the jqXHR object.

这是使用建议的提要 gradbot 的工作示例。请注意,结果对象被传递给处理程序,而不是 jqXHR 对象。

回答by gradbot

You need to set dataType: "jsonp"and you need to be logged in as the user you are trying to get favorites from. In this case I use my own username grabot and the alert comes back as success.

您需要设置dataType: "jsonp"并以您尝试从中获取收藏夹的用户身份登录。在这种情况下,我使用我自己的用户名grabot,警报成功返回。

If you don't have a valid cookie for the account your trying to access then the api call will return a 403with the content "Favorites of requested user are not public."

如果您尝试访问的帐户没有有效的 cookie,则 api 调用将返回403内容"Favorites of requested user are not public."

$(function() {
    var jqxhr = $.ajax({
        url: 'http://gdata.youtube.com/feeds/api/users/gradbot/favorites?alt=json',
        dataType: 'jsonp'
    }).success(function(data, status) {
        alert(status);
    }).error(function(xhr) {
        alert(xhr.status);
    })
});

回答by Anurag

The 403 is because you need to provide credentials for the user whose videos are being accessed. Assuming correct credentials are supplied, the request will still fail because of cross-domain restrictions.

403 是因为您需要为正在访问其视频的用户提供凭据。假设提供了正确的凭据,由于跨域限制,请求仍然会失败。

In most cases, status code 0implies that the request could not be sent to the server. Here's what the Chrome console logs show for your fiddle example.

在大多数情况下,状态代码0意味着无法将请求发送到服务器。这是 Chrome 控制台日志为您的小提琴示例显示的内容。

XMLHttpRequest cannot load http://gdata.youtube.com/feeds/api/users/bernd/favorites?alt=json. Origin http://fiddle.jshell.netis not allowed by Access-Control-Allow-Origin.

XMLHttpRequest 无法加载http://gdata.youtube.com/feeds/api/users/bernd/favorites?alt=json。Access-Control-Allow-Origin 不允许Origin http://fiddle.jshell.net

Youtube, in-fact all Google Data API'ssupport JSONPbut to use it, you have to pass an altparameter with the value json-in-scriptand specify the dataTypeas jsonp. jQuery will supply the callback parameter for you. Based on empirical testing, it appears that Youtube doesn't care about the altparameter to be specifically json-in-script. As long as a callbackparameter is specified, the altparameter can take just the value json.

Youtube,事实上所有谷歌数据 API 都支持JSONP,但要使用它,你必须传递一个alt带有值的参数json-in-script并指定dataTypeas jsonp。jQuery 将为您提供回调参数。根据经验测试,Youtube 似乎并不特别关心alt参数为json-in-script。只要callback指定了alt参数,参数就可以只取值json

http://gdata.youtube.com/feeds/api/users/gradbot/favorites?alt=jsonhttp://gdata.youtube.com/feeds/api/users/gradbot/favorites?alt=json&callback=foo

http://gdata.youtube.com/feeds/api/users/gradbot/favorites?alt=json http://gdata.youtube.com/feeds/api/users/gradbot/favorites?alt=json&callback=foo

Here's a working examplefor a publicly accessible feed.

这是一个可公开访问的提要的工作示例

$.ajax({
    url: 'http://gdata.youtube.com/feeds/mobile/videos?alt=json-in-script',
    dataType: 'jsonp',
    success: function(data) {
        // do something with data
    }
});

回答by igorti

You can't do cross-domain requests(be it GET or POST) due to security restrictions in most modern browsers.

由于大多数现代浏览器的安全限制,您无法执行跨域请求(无论是 GET 还是 POST)。

If you still want to fetch data from other domain consider using a reverse proxy that you install on you server and send all requests through. For browser it will still look like data comes from same domain.

如果您仍想从其他域获取数据,请考虑使用您在服务器上安装的反向代理并通过它发送所有请求。对于浏览器,它看起来仍然像数据来自同一个域。

One of the most popular ones is mod_reverse in Apache but there are other alternatives depending on what your server environment is.

最受欢迎的方法之一是 Apache 中的 mod_reverse,但根据您的服务器环境,还有其他选择。

Another alternative is to user JSONP if Google API supports it.

如果 Google API 支持,另一种选择是使用 JSONP。