javascript 在 Ajax.Request 中使用身份验证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3298891/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Using Authentication with Ajax.Request
提问by Nick DeMayo
I currently have a Palm WebOS application that uses an Ajax.Request to connect to a web service using basic authentication. To send the username and password, I simply include it in the url (i.e. http://username:password@ip-address:port/) which works exceedingly well, expect for when the password contains anything other than alphanumeric characters (for example, I had a user email me lately who included an "@" and an "&" in his password, and he wasn't able to connect because the symbols weren't getting parsed properly for the url). Is there any way around sending the credentials in the url so that I can allow users to use something other than just alphanumeric in their passwords?
我目前有一个 Palm WebOS 应用程序,它使用 Ajax.Request 连接到使用基本身份验证的 Web 服务。要发送用户名和密码,我只需将其包含在 url 中(即http://username:password@ip-address:port/),效果非常好,期望密码包含字母数字字符以外的任何内容(例如,我最近有一个用户给我发电子邮件,他的密码中包含一个“@”和一个“&”,他无法连接,因为符号没有正确解析为 url)。有什么办法可以绕过在 url 中发送凭据,以便我可以允许用户在密码中使用除字母数字以外的其他内容?
var username = cookie.get().servers[this.serverIndex].username;
var password = cookie.get().servers[this.serverIndex].password;
this.auth = 'Basic ' + Base64.encode(username + ':' + password);
var baseUrl = 'http://' + url + ':' + port + '/gui/';
this.baseUrl = baseUrl;
var request = new Ajax.Request(this.tokenUrl, {
method: 'get',
timeout: 2000,
headers: {
Authorization: this.auth
},
onSuccess: successFunc,
onFailure: this.failure.bind(this)
});
Response is (I removed the url for security reasons):
响应是(出于安全原因,我删除了网址):
{"request": {"options": {"method": "get", "asynchronous": true, "contentType": "application/x-www-form-urlencoded", "encoding": "UTF-8", "parameters": {}, "evalJSON": true, "evalJS": true, "timeout": 2000, "headers": {"Authorization": "Basic c3VubW9yZ3VzOmZyb2dneUAlMjY="}}, "transport": {"readyState": 4, "onloadstart": null, "withCredentials": false, "onerror": null, "onabort": null, "status": 401, "responseXML": null, "onload": null, "onprogress": null, "upload": {"onloadstart": null, "onabort": null, "onerror": null, "onload": null, "onprogress": null}, "statusText": "", "responseText": "", "UNSENT": 0, "OPENED": 1, "HEADERS_RECEIVED": 2, "LOADING": 3, "DONE": 4}, "url": ""
回答by Imre L
Send the Basic authentication info with header: http://coderseye.com/2007/how-to-do-http-basic-auth-in-ajax.html
发送带有标题的基本身份验证信息:http: //coderseye.com/2007/how-to-do-http-basic-auth-in-ajax.html
var auth = 'Basic ' + Base64.encode(user + ':' + pass);
Ext.Ajax.request({
url : url,
method : 'GET',
headers : { Authorization : auth }
});
回答by Pekka
You could try to encode the user name and password before they get sent using encodeURIComponent.
您可以尝试在用户名和密码使用encodeURIComponent.
More generally though, have you tested this method in IE8? Because it doesn't work for normal requests any more - the username:password@scheme has been disabled there for security reasons.
更一般地说,您是否在 IE8 中测试过这种方法?因为它不再适用于正常请求 -username:password@出于安全原因,该方案已在那里被禁用。
It could be, though, that they are still allowed in Ajax requests.
但是,它们可能仍被允许在 Ajax 请求中使用。
