jQuery 无法处理 ajax 中的 302 重定向,为什么?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/15996779/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Cannot handle 302 redirect in ajax and why?
提问by Khanh TO
I have a back-end server written in asp.net mvc using Forms Authentication. When the user is not authenticated, the server will automatically send a 302 redirect to a Login action and return a Login page.
我有一个使用表单身份验证在 asp.net mvc 中编写的后端服务器。当用户未通过身份验证时,服务器将自动发送 302 重定向到登录操作并返回登录页面。
On client side, I have a list of items. This list is only accessible to authenticated users. On the page, I have a button to Refresh the list using Ajax ($.ajax function of jQuery).
在客户端,我有一个项目列表。只有经过身份验证的用户才能访问此列表。在页面上,我有一个按钮可以使用 Ajax(jQuery 的 $.ajax 函数)刷新列表。
Now, my problem is when the authentication ticket is timeout and the user clicks on the Refresh button:
现在,我的问题是当身份验证票超时并且用户单击刷新按钮时:
- My function sends an ajax request to get the refreshed list
- The server detects that the authentication ticket is not valid and issues a 302 redirect.
- The browser automaticallyhandles that 302 response and forces my ajax function to send another ajax request to the Login action and the final result is an HTML with status 200. My script is confused because the list is also an HTML with status 200.
- 我的函数发送一个 ajax 请求来获取刷新的列表
- 服务器检测到身份验证票无效并发出 302 重定向。
- 浏览器会自动处理 302 响应并强制我的 ajax 函数向登录操作发送另一个 ajax 请求,最终结果是状态为 200 的 HTML。我的脚本很混乱,因为列表也是状态为 200 的 HTML。
What I want is when the authentication ticket is timeout and the user clicks on the Refresh button, I should be able to detect that and display a message asking the user to Login.
我想要的是当身份验证票超时并且用户单击刷新按钮时,我应该能够检测到并显示一条消息要求用户登录。
I tried to workaround this by adding a custom header (IS_LOGIN) in the Login action and check that in my ajax response. But it is not a good solution.
我试图通过在登录操作中添加自定义标头 (IS_LOGIN) 并在我的 ajax 响应中检查来解决此问题。但这不是一个好的解决方案。
So my questions are:
所以我的问题是:
- What is the best way to deal with this problem?
- Why does the browser not let our script handle 302 response? and just automatically forces our ajax to create another request. This is a problem with the browser or jquery library? Any reasons for this? (security,...)
- 处理这个问题的最佳方法是什么?
- 为什么浏览器不让我们的脚本处理 302 响应?并自动强制我们的 ajax 创建另一个请求。这是浏览器还是jquery库的问题?这有什么原因吗?(安全,...)
Thanks for any replies.
感谢您的任何答复。
采纳答案by Bart
You shouldn't redirect the call when it's an XHR but respond with a 401 Unauthorizedand handle this in your callbacks. I don't know ASP.NET but I did something similar with Spring Security.
当它是 XHR 时,您不应该重定向呼叫,而是使用 a 响应401 Unauthorized并在您的回调中处理它。我不知道 ASP.NET,但我对 Spring Security 做了类似的事情。
Heres the concept:
这里的概念:
- Get the authenticated state
- Check the headers for
X-Requested-With: XMLHttpRequest - When found and not authenticated respond with
401 Unauthorized - When not found and not authenticated redirect.
- 获取认证状态
- 检查标题
X-Requested-With: XMLHttpRequest - 当找到但未通过身份验证时,响应
401 Unauthorized - 当未找到且未通过身份验证时重定向。
The bottom line is that XHR calls need to be handled differently then other HTTP requests in some cases. You should only redirect a XHR if the same resource is at another location.
最重要的是,在某些情况下,XHR 调用的处理方式需要与其他 HTTP 请求不同。如果相同的资源位于另一个位置,您应该只重定向 XHR。
To answer your question
回答你的问题
You can't handle redirects with XHR callbacks because the browser takes care of them automatically. You will only get back what at the redirected location.
您无法使用 XHR 回调处理重定向,因为浏览器会自动处理它们。您只会取回重定向位置的内容。
