windows 为什么在使用 XMLHttpRequest 对象发送 POST 请求时 Content-Length 为 0?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1238480/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Why Content-Length is 0 while sending POST request with XMLHttpRequest object?
提问by Vitaly
I have a virtual directory on IIS 5.1 with two aspx pages. Access to Page1 configured as "Integrated Windows Authentication" option turned on and anonymous access is disabled. Page2 available through anonymous access. On client side there is XmlHttpRequest object that can send requests that contains POST data to this pages.
我在 IIS 5.1 上有一个带有两个 aspx 页面的虚拟目录。对配置为“集成 Windows 身份验证”选项的 Page1 的访问已打开并禁用匿名访问。Page2 可通过匿名访问获得。在客户端,有 XmlHttpRequest 对象可以将包含 POST 数据的请求发送到此页面。
At first I try to send request to Page1. Standard Windows Authentication dialog appears, I entering my credentials and Page1 succesfully receiving POST data. After that I try to make the same POST request to Page2 that can be accessed anonymously. And in this case Request has header Content-Length=0, and no any data has been sended.
起初我尝试向 Page1 发送请求。标准 Windows 身份验证对话框出现,我输入我的凭据和 Page1 成功接收 POST 数据。之后,我尝试向可以匿名访问的 Page2 发出相同的 POST 请求。在这种情况下,Request 的头部 Content-Length=0,并且没有发送任何数据。
If to repeat request to Page1 - it successfully receiving POST data. The same code is working good in Firefox 3.5. Page2 can receive data even after sending request to Windows Authentication required Page1. What can be wrong? And maybe it is any workaround for this problem?
如果向 Page1 重复请求 - 它成功接收 POST 数据。相同的代码在 Firefox 3.5 中运行良好。即使向需要 Windows 身份验证的页面 1 发送请求,页面 2 也可以接收数据。有什么问题?也许这是解决此问题的任何解决方法?
Thanks!
谢谢!
Sending data:
发送数据:
function sendRequest() {
var url = "http://tom/AuthTest/Default.aspx";
var data = "data";
reqSend(url, data);
}
function sendRequestToWinAuth() {
var url = "http://tom/AuthTest/DefaultWA.aspx";
var data = "newdata";
reqSend(url, data);
}
function reqSend(url, data) {
var xmlhttp = createRequestObject();
if (!xmlhttp) {
alert("Cannot create XMLHttpRequest object.");
return;
}
try {
xmlhttp.open("POST", url, false);
xmlhttp.send(data);
}
catch (ex) {
alert("Error: " + ex.message);
}
}
Request to Page1:
对第 1 页的请求:
POST /AuthTest/DefaultWA.aspx HTTP/1.1
Accept: */*
Referer: http://tom/AuthTest/client/testauth.html
Accept-Language: ru
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Host: tom
Content-Length: 7
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: innovator_user=admin
Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAF4AAAAYABgAdgAAAAoACgBIAAAABgAGAFIAAAAGAAYAWAAAAAAAAACOAAAABYKIogUBKAoAAAAPcwBjAGEAbgBkAHQAbwBtAFQATwBNAGUdQIkWMQ6PAAAAAAAAAAAAAAAAAAAAAAo3goJdI7RH9poJwnjypksH2F2pIzbEOQ==
newdata
Request to Page2:
对第 2 页的请求:
POST /AuthTest/Default.aspx HTTP/1.1
Accept: */*
Referer: http://tom/AuthTest/client/testauth.html
Accept-Language: ru
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Host: tom
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: innovator_user=admin
Authorization: Negotiate TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==
Content-Length: 0
采纳答案by Vitaly
Seems i have found a way to keep pages requiring windows authentication and pages allowing anonymous access on one site.
似乎我找到了一种方法来保留需要 Windows 身份验证的页面和允许匿名访问的页面。
There 2 ways to do it:
有两种方法可以做到:
This behavior (bug) is only reproducing when using NTLM authentication. So to avoid it, we can setup a Kerberos authentication mode on IIS site. Here is a good detailed FAQ about IIS and Kerberos: http://www.adopenstatic.com/faq/
To tell a thruth I have tried to follow the first way, but really my IIS doesn't want to use Kerberos anyway. On other hand I try to check this situation on another machine - and was surprised - Kerberos authentication was used there by default. I have tried to found any difference in configurations - but not successfull. So there is the second way:
Using Windows Authentication mode on a directory or file in a separate directory. For example we have some structure like:
- ../Default.aspx
- ../auth/DefaultWinAuth.aspx
- ../auth/DefaultWinAuth2.aspx
We can set IWA (Integrated Windows Authentication) mode on 'auth' directory or DefaultWinAuth page. After that all files and subdirectories that are included in this folder or situated on the same level as 'DefaultWinAuth.aspx' page will not be able to receive POST data. But all other files and directories outside directory 'auth' will work fine.
此行为(错误)仅在使用 NTLM 身份验证时重现。所以为了避免这种情况,我们可以在 IIS 站点上设置 Kerberos 身份验证模式。以下是关于 IIS 和 Kerberos 的详细常见问题解答:http: //www.adopenstatic.com/faq/
说实话,我尝试遵循第一种方式,但实际上我的 IIS 无论如何都不想使用 Kerberos。另一方面,我尝试在另一台机器上检查这种情况 - 并感到惊讶 - 默认情况下在那里使用 Kerberos 身份验证。我试图发现配置上的任何差异 - 但没有成功。于是就有了第二种方式:
在单独目录中的目录或文件上使用 Windows 身份验证模式。例如,我们有一些结构,如:
- ../默认.aspx
- ../auth/DefaultWinAuth.aspx
- ../auth/DefaultWinAuth2.aspx
我们可以在“auth”目录或 DefaultWinAuth 页面上设置 IWA(集成 Windows 身份验证)模式。之后,包含在此文件夹中或位于与“DefaultWinAuth.aspx”页面相同级别的所有文件和子目录将无法接收 POST 数据。但是目录“auth”之外的所有其他文件和目录都可以正常工作。
回答by JonoW
I've had this exact problem, apparently its by design in IE, check out this link: http://www.websina.com/bugzero/kb/browser-ie.html
我遇到了这个确切的问题,显然是在 IE 中设计的,请查看此链接:http: //www.websina.com/bugzero/kb/browser-ie.html
Basically IE won't send POST data to an unauthenticated URL/page if you are currently on an authenticated URL/page. I didn't find a work-around, I had to do something else, but let me know if you do figure out a way. Cheers
如果您当前位于经过身份验证的 URL/页面,则基本上 IE 不会将 POST 数据发送到未经身份验证的 URL/页面。我没有找到解决方法,我不得不做其他事情,但如果你想出办法,请告诉我。干杯
