AJAX POST错误:拒绝设定不安全头"连接" [英] AJAX post error : Refused to set unsafe header "Connection"
问题描述
我有以下的自定义AJAX功能恢复到PHP文件的职位数据。每次数据后发生了,我得到以下两个错误:
I have the following custom ajax function that posts data back to a PHP file. Everytime the post of data happens I get the following two errors :
拒绝设定不安全头内容长度
拒绝设定不安全头连接
Refused to set unsafe header "Content-length"
Refused to set unsafe header "Connection"
code:
function passposturl(url1, params, obj)
{
//url1 = url1+"&sid="+Math.random();
xmlHttp = get_xmlhttp_obj();
xmlHttp.loadflag = obj;
xmlHttp.open("POST", url1, true);
//alert(url1);
//alert(params);
//alert(obj);
//alert(params.length);
xmlHttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xmlHttp.setRequestHeader("Content-length", params.length);
xmlHttp.setRequestHeader("Connection", "close");
xmlHttp.onreadystatechange = function ()
{
stateChanged(xmlHttp);
};
xmlHttp.send(params);
}
我是什么做错了吗?
What am I doing wrong?
推荐答案
删除这两行:
xmlHttp.setRequestHeader("Content-length", params.length);
xmlHttp.setRequestHeader("Connection", "close");
XMLHtt prequest不允许设置这些标头,它们被由浏览器自动设置。其原因是,通过操纵这些标题,你也许可以在服务器欺骗成接受过相同的连接,一个不会去通过正常的安全检查第二个请求 - 这将是在浏览器中的一个安全漏洞
XMLHttpRequest isn't allowed to set these headers, they are being set automatically by the browser. The reason is that by manipulating these headers you might be able to trick the server into accepting a second request through the same connection, one that wouldn't go through the usual security checks - that would be a security vulnerability in the browser.
这篇关于AJAX POST错误:拒绝设定不安全头"连接"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
