jQuery AJAX 帖子不适用于 HTTPS
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/12943274/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
AJAX post not working with HTTPS
提问by Weston Boone
I am having a rather frustrating problem with the jquery post function that probably stems from not understanding how it works correctly.
我对 jquery post 函数有一个相当令人沮丧的问题,这可能源于不了解它是如何正确工作的。
I have a function that should post some form information to a php script that I wrote and that script then runs curl requests against an API to get around the cross-domain policy of javascript. It seems to work fine as long as it submits to "http" but when I send it to "https" the form never gets submitted.
我有一个函数应该将一些表单信息发布到我编写的 php 脚本,然后该脚本针对 API 运行 curl 请求以绕过 javascript 的跨域策略。只要它提交到“http”,它似乎就可以正常工作,但是当我将它发送到“https”时,表单永远不会被提交。
I ran wireshark on my computer and it showed no traffic towards the destination ip until I made the url use http. I have basic auth on the server so I am passing the user and password through the url, but tested without that there and got the same results.
我在我的电脑上运行了wireshark,在我让url使用http之前它没有显示到目标ip的流量。我在服务器上有基本身份验证,所以我通过 url 传递用户和密码,但没有在那里进行测试并得到相同的结果。
Here is the not working code:
这是不工作的代码:
$j.post("https://<api user>:<password>@<ip>:444/ProxyScript.php",
$j("#spoke_ticket").serialize(),
function(msg) {
log_status(msg);
fade_status();
$j(':input','#createtheticket')
.not(':button, :submit, :reset, :hidden')
.val('')
.removeAttr('checked')
.removeAttr('selected');
});
Here is the working function:
这是工作功能:
$j.post("http://<other ip>/ProxyScript.php",
$j("#spoke_ticket").serialize(),
function(msg) {
log_status(msg);
fade_status();
$j(':input','#createtheticket')
.not(':button, :submit, :reset, :hidden')
.val('')
.removeAttr('checked')
.removeAttr('selected');
});
Any ideas as to why the traffic is not being sent? Let me know if I left out some key information or anything.
关于为什么没有发送流量的任何想法?如果我遗漏了一些关键信息或任何内容,请告诉我。
Thanks for the help
谢谢您的帮助
采纳答案by davidkonrad
Why not use a proxyto get over the cross-domain issue? It sounds more easy. An simple example is when i want to retrieve the danish administration national geo-data for counties,road names and so on (lucky for me, their data is in json or XML optional)
为什么不使用代理来解决跨域问题?听起来更容易。一个简单的例子是当我想检索丹麦政府国家地理数据的县、道路名称等(对我来说幸运的是,他们的数据是 json 或 XML 可选)
simplified proxy.php
简化的proxy.php
<?
header('Content-type: application/json');
$url=$_GET['url'];
$html=file_get_contents($url);
echo $html;
?>
in ajax, get the lat/longs for a county borderline
在 ajax 中,获取县边界的纬度/经度
var url= "proxy.php?url=https://geo.oiorest.dk/"+type+"/"+nr+"/graense.json";
$.ajax({
url: url,
dataType: 'json',
success: function (data) {
...
});
notice the https - the url could be, real example, https://geo.oiorest.dk/kommuner/0810/graense.json
注意 https - url 可能是,真实的例子,https://geo.oiorest.dk/kommuner/0810/graense.json
回答by Marius Danila
If you are doing the AJAX post from a http page to a https URL then the Cross-Domain policy kicks in because the protocol is also part of the origin specification, as it is described here. The browser will refuse to make the AJAX call, so that's why you're not seeing any traffic.
如果你正在做的,因为该协议也是起源规范的一部分,因为它是描述从HTTP页面的AJAX张贴到HTTPS URL,则跨域策略踢这里。浏览器将拒绝进行 AJAX 调用,因此您看不到任何流量。
A solution is discussed here:
这里讨论了一个解决方案:
Ajax using https on an http page
So your best bet is the Access-Control-Allow-Originheader which should be supported on most modern browsers now.
所以你最好的选择是Access-Control-Allow-Origin标头,现在大多数现代浏览器都应该支持它。
So make your server add the following header to the responses:
因此,让您的服务器在响应中添加以下标头:
Access-Control-Allow-Origin: https://www.mysite.com
If for some reason you cannot enforce this, then the only choice left would be JSONP.
如果由于某种原因您无法强制执行此操作,那么剩下的唯一选择就是JSONP。
