javascript 我可以在跨域 json 请求中设置标头吗?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/14153569/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Can I set headers in cross domain json requests?
提问by fantastischIdee
I have done some research on the internet, but I didn't manage to get the complete picture about this subject. Can anyone help to solve this answer for now and forever?
我在互联网上做了一些研究,但我没有设法获得关于这个主题的完整图片。任何人都可以帮助现在和永远解决这个答案吗?
This is what I found so far:
这是我到目前为止发现的:
- It is possible to do cross domain call with jsonp. Altering headers in jsonp call is never allowed
- It is possible to do cross domain call with json if the server allows it.
- 可以使用 jsonp 进行跨域调用。永远不允许在 jsonp 调用中更改标头
- 如果服务器允许,可以使用 json 进行跨域调用。
This is what I am trying to do :
这就是我想要做的:
$.ajax({
type: "GET",
crossDomain: true,
beforeSend: function (request) {
request.setRequestHeader("Authorization", "Bearer " + ($("#accesstoken").val()));
},
contentType: "application/json; charset=utf-8",
url: myJSonServer + encodeURI(operation),
dataType: 'json',
cache: false,
success: callback,
error: function (jqXhr, textStatus, errorThrown) { alert(textStatus + ": " + errorThrown); }
});
This is what is happening:
这是正在发生的事情:
- When the myJSonServer is on the same domain, there is no problem at all
- When the myJSonServer is on another domain the request is sent, but without the Bearer header
- 当myJSonServer在同一个域时,完全没有问题
- 当 myJSonServer 在另一个域上时,请求被发送,但没有 Bearer 标头
This Bearer header is part of the oAuth2 standard.
此 Bearer 标头是 oAuth2 标准的一部分。
I'm aware of the fact that maybe this is not the best solution, setting the accessToken in the Browser. And I know I could use a proxy for this situation.
我知道这可能不是最好的解决方案,在浏览器中设置 accessToken。我知道我可以在这种情况下使用代理。
I am just curious if it is or will be possible to set the headers on a cross-domain json request?
Thanks
我只是好奇是否可以或可以在跨域 json 请求上设置标头?
谢谢
-- Problem solved
- 问题解决了
I was using MVC4 and added crossDomainScriptAccessEnabled="true" in the web.config. I thought this would be enough, but the answer of apsillers solved my problem. I have now added this in my web.config :
我正在使用 MVC4 并在 web.config 中添加了 crossDomainScriptAccessEnabled="true"。我认为这已经足够了,但是 apsillers 的回答解决了我的问题。我现在已经在我的 web.config 中添加了这个:
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Authorization" />
</customHeaders>
</httpProtocol>
</system.webServer>
回答by apsillers
With JSONP, setting custom headers is not possible.
使用 JSONP,无法设置自定义标头。
With CORS, the server must send the Access-Control-Allow-Headersheader to allow uncommon request headers from the client. From the HTML5 Rocks CORS page:
使用 CORS,服务器必须发送Access-Control-Allow-Headers标头以允许来自客户端的不常见请求标头。从HTML5 Rocks CORS 页面:
Access-Control-Allow-Headers... - Comma-delimited list of the supported request headers.
Access-Control-Allow-Headers... - 支持的请求标头的逗号分隔列表。
Thus, your server must send a Access-Control-Allow-Headers: Authorizationto let the browser know it is permissible to send Authorizationto the server with the request. Without this sever header, the browser will only send a few common headers with the request and ignore the rest.
因此,您的服务器必须发送 aAccess-Control-Allow-Headers: Authorization以让浏览器知道允许Authorization将请求发送到服务器。如果没有这个服务器头,浏览器只会随请求发送一些常见的头,而忽略其余的。
回答by ijse
Since "jsonp" works by creating an script tag and using the attribute src=to load resource from another domain. So I don't think there is a way to modify request headers.
由于“jsonp”通过创建脚本标签并使用该属性src=从另一个域加载资源来工作。所以我认为没有办法修改请求头。
回答by Ivan Zuzak
If you are using JSONP for making cross-origin request - then the answer is no, you can't set HTTP headers on such requests. If you are using CORS for making cross-origin requests - then the answer is yes, since you are using plain XHR to make the request: http://en.wikipedia.org/wiki/Cross-origin_resource_sharing.
如果您使用 JSONP 进行跨域请求 - 那么答案是否定的,您不能在此类请求上设置 HTTP 标头。如果您使用 CORS 进行跨域请求 - 那么答案是肯定的,因为您使用的是普通 XHR 来发出请求:http: //en.wikipedia.org/wiki/Cross-origin_resource_sharing。
