javascript GET 与 Postman 一起工作,而不是与 Ajax 一起工作?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/31466420/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
GET working with Postman, but not with Ajax?
提问by thebighoncho
I'm attempting to do a simple GET request from a server hosting some account data. The request requires an Authorization header in order to function correctly. I have performed the GET request and retrieved the data successfully in Postman, but attempting to do so in Javascript via Ajax results in a "Invalid HTTP status code 405" error.
我正在尝试从托管一些帐户数据的服务器执行简单的 GET 请求。该请求需要一个 Authorization 标头才能正常运行。我已经执行了 GET 请求并在 Postman 中成功检索了数据,但是尝试通过 Ajax 在 Javascript 中执行此操作会导致“无效的 HTTP 状态代码 405”错误。
Below is a link to a fiddle and a screenshot of the Postman settings. Thanks.!
下面是一个小提琴的链接和邮递员设置的屏幕截图。谢谢。!
$.ajax({
beforeSend: function(xhrObj){
xhrObj.setRequestHeader("Authorization","Bearer tj7LTLycpQC6DRup5BkHUO7uVbYaAZI40");
},
type: "GET",
url: "https://api05.iq.questrade.com/v1/accounts",
success: function(e){
console.log(e)
}
});
http://jsfiddle.net/Ldjbp2j8/1/
回答by Quentin
From Chrome's JS console:
从 Chrome 的 JS 控制台:
Failed to load resource: the server responded with a status of 405 (Method Not Allowed)
加载资源失败:服务器响应状态为 405(方法不允许)
Because you are adding an Authorization header, you have made the request complex. This requires the browser to make a preflight OPTIONS requestto ask for permission to send the complex request.
因为您要添加 Authorization 标头,所以您使请求变得复杂。这需要浏览器发出预检 OPTIONS 请求以请求发送复杂请求的许可。
The server you are making the request to is responding saying that OPTIONS requests are not allowed to that URL.
您向其发出请求的服务器正在响应,说该 URL 不允许 OPTIONS 请求。
You will need to modify the server so that it responds appropriately to the preflight CORS request.
您将需要修改服务器,以便它对预检 CORS 请求做出适当的响应。
Postman doesn't need to make a preflight request because your browser trusts Postman's code. It doesn't know if it can trust the code it received from JSFiddle (AKA potential evil hacker site) with the data api05.iq.questrade.com (AKA potential online banking or company Intranet site) is willing to share with it.
Postman 不需要发出预检请求,因为您的浏览器信任 Postman 的代码。它不知道它是否可以信任它从 JSFiddle(又名潜在的邪恶黑客站点)收到的代码以及 api05.iq.questrade.com(又名潜在的网上银行或公司内网站点)愿意与它共享的数据。
回答by Xeon
Look at the console errors:
查看控制台错误:
XMLHttpRequest cannot load https://api05.iq.questrade.com/v1/accounts.
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://fiddle.jshell.net' is therefore not allowed access. The response had HTTP status code 405.
This is the CORS issue. Browsers sent OPTIONS aka pre-flight request to the server if the domain doesn't match with the domain of the running code. And you must add the required headers to the responses as well.
这是 CORS 问题。如果域与正在运行的代码的域不匹配,浏览器会向服务器发送 OPTIONS 又名飞行前请求。并且您还必须将所需的标头添加到响应中。
You must modify server to handle that.
您必须修改服务器来处理它。
You can also use JSONP as an alternative.
您也可以使用 JSONP 作为替代。
