Javascript 使用跨域帖子发送凭据?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2054316/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Sending credentials with cross-domain posts?
提问by David Wolever
According to Requests with credentials, Firefox will only send credentials along with cross-domain posts if
根据带有凭据的请求,Firefox 只会在以下情况下发送凭据以及跨域帖子
invocation.withCredentials = "true";
invocation.withCredentials = "true";
is set… But it doesn't seem like jQuery's Ajax API provides any mechanism for this.
已设置……但似乎 jQuery 的 Ajax API 并没有为此提供任何机制。
Is there something I've missed? Is there some other way I can do it?
有什么我错过了吗?我还有其他方法可以做到吗?
回答by Kangur
Functionality is supposed to be broken in jQuery 1.5.
功能应该在 jQuery 1.5 中被破坏。
Since jQuery 1.5.1 you should use xhrFields param.
从 jQuery 1.5.1 开始,你应该使用 xhrFields 参数。
$.ajaxSetup({
type: "POST",
data: {},
dataType: 'json',
xhrFields: {
withCredentials: true
},
crossDomain: true
});
Docs: http://api.jquery.com/jQuery.ajax/
文档:http: //api.jquery.com/jQuery.ajax/
Reported bug: http://bugs.jquery.com/ticket/8146
回答by Doug Neiner
You can use the beforeSendcallback to set additional parameters (The XMLHTTPRequestobject is passed to it as its only parameter).
您可以使用beforeSend回调来设置其他参数(XMLHTTPRequest对象作为其唯一参数传递给它)。
Just so you know, this type of cross-domain request will not work in a normal site scenario and not with any other browser. I don't even know what security limitations FF 3.5 imposes as well, just so you don't beat your head against the wall for nothing:
正如您所知,这种类型的跨域请求在正常站点场景中不起作用,也不适用于任何其他浏览器。我什至不知道 FF 3.5 强加了哪些安全限制,只是为了让您不要白白撞墙:
$.ajax({
url: 'http://bar.other',
data: { whatever:'cool' },
type: 'GET',
beforeSend: function(xhr){
xhr.withCredentials = true;
}
});
One more thing to beware of, is that jQuery is setup to normalize browser differences. You may find that further limitations are imposed by the jQuery library that prohibit this type of functionality.
还要注意的另一件事是,jQuery 设置为规范浏览器差异。您可能会发现 jQuery 库施加了进一步的限制,禁止此类功能。
回答by chim
In jQuery 3 and perhaps earlier versions, the following simpler config also works for individual requests:
在 jQuery 3 以及可能更早的版本中,以下更简单的配置也适用于单个请求:
$.ajax(
'https://foo.bar.com,
{
dataType: 'json',
xhrFields: {
withCredentials: true
},
success: successFunc
}
);
The full error I was getting in Firefox Dev Tools -> Network tab (in the Security tab for an individual request) was:
我在 Firefox Dev Tools -> Network 选项卡(在单个请求的 Security 选项卡中)中得到的完整错误是:
An error occurred during a connection to foo.bar.com.SSL peer was unable to negotiate an acceptable set of security parameters.Error code: SSL_ERROR_HANDSHAKE_FAILURE_ALERT
连接到 foo.bar.com 期间发生错误。SSL 对等方无法协商可接受的安全参数集。错误代码:SSL_ERROR_HANDSHAKE_FAILURE_ALERT
