Ric*_*ing 16 javascript jquery certificate cross-domain
我按照以下步骤操作:
问题
我从浏览器获取证书请求,但是当我选择与使用浏览器时相同的证书时,会进行调用,但我收到403 Forbidden.
码
$.ajax({
type: "POST",
xhrFields: {withCredentials: true},
dataType: "xml",
contentType: "text/xml; charset=\"utf-8\"",
url: "https://www.myOtherServer.com/testfile.asp",
});
有任何想法吗?
编辑
在Access-Control-Allow-Credentials: true与Access-Control-Allow-Origin配置是否正确.
附加信息
我开始认为它与内容类型有关.当我更改它时,"text/html"我得到一个415错误,但我确实需要发送xml,因为它是一个SOAP服务器.
响应标头
Access-Control-Allow-Cred... true
Access-Control-Allow-Head... Content-Type, Origin, Man, Messagetype, Soapaction, X-Test-Header
Access-Control-Allow-Meth... GET,POST,HEAD,DELETE,PUT,OPTIONS
Access-Control-Allow-Orig... https://www.mywebsite.com
Access-Control-Max-Age 1800
Cache-Control private
Content-Length 5561
Content-Type text/html; charset=utf-8
Date Wed, 19 Dec 2012 15:06:46 GMT
Server Microsoft-IIS/7.5
X-Powered-By ASP.NET
请求标头
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language nl,en-us;q=0.7,en;q=0.3
Access-Control-Request-He... content-type
Access-Control-Request-Me... POST
Cache-Control no-cache
Connection keep-alive
Host myhoast.com
Origin https://www.mywebsite.com
Pragma no-cache
User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0
Emi*_*ily 10
我最好的猜测是,这是一个问题,不是你的Javascript,而是你的CORS配置.您是否使用Access-Control-Allow-Credentials: true标头设置了服务器?http://www.w3.org/TR/cors/#access-control-allow-credentials-response-header
另请注意,即使设置了allow-credentials标头,如果Access-Control-Allow-Origin是*,浏览器也不允许对凭证请求做出响应,根据这些文档:https://developer.mozilla.org/en-US/docs/HTTP/ Access_control_CORS?redirectlocale = en-US&redirectslug = HTTP_access_control #Requests_with_credentials.
编辑:由于OP已正确设置CORS标头,问题似乎是服务器拒绝具有403状态代码的OPTIONS请求.OPTIONS请求(称为"预检请求")在某些跨域请求(例如具有application/xml内容类型的POST)之前发送,以允许服务器通知浏览器允许哪些类型的请求.由于浏览器没有从OPTIONS请求中看到它所期望的200响应,因此它不会触发实际的POST请求.
| 归档时间: |
|
| 查看次数: |
29642 次 |
| 最近记录: |