jQuery getJSON doesn't send cookies

Problem description

I am including JS on domain1 from domain2

<script type="text/javascript" src="http://www.domain2.com/script.js"></script>

That script does, onload and on button click, a JSONP request to domain2

$.getJSON( 'http://www.domain2.com/process?callback=?',
    function(data){
        if ( data ) processData( data );
    }
);

and then displays the data on domain1.

So here is my problem: The getJSON request doesn't send cookies to domain2. The weirdest thing is that it does send the cookies half a day and the other half not. :-)

This is how the request looks when it doesn't work:

Request details
GET /ajax/embed-user-library?detail=98&callback=jsonp1312398534998 HTTP/1.1 
User-Agent: Opera/9.80 (Windows NT 6.1; U; en) Presto/2.9.168 Version/11.50
Host: www.floowie.com
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/webp, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: en,sk-SK;q=0.9,sk;q=0.8
Accept-Encoding: gzip, deflate
Referer: http://www.sokker.cz/en/test2
Connection: Keep-Alive

Response details
HTTP/1.1 200 OK 
Date: Wed, 03 Aug 2011 19:06:51 GMT
Server: Apache/2.2.16 (Debian)
X-Powered-By: PHP/5.3.5-0.dotdeb.1
Set-Cookie: SESSID=64292b70dc28d7c6c9f13f70070353d8; path=/; domain=.floowie.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Length: 34
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/json

And this is when it works (nothing changed in the scripts):

Request details
GET /ajax/embed-user-library?detail=99&test=1&callback=jsonp1312398534999 HTTP/1.1 
User-Agent: Opera/9.80 (Windows NT 6.1; U; en) Presto/2.9.168 Version/11.50
Host: test1.floowie.com
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/webp, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: en,sk-SK;q=0.9,sk;q=0.8
Accept-Encoding: gzip, deflate
Referer: http://www.sokker.cz/en/test2
Cookie: __utma=254918925.1489796832.1301725317.1312260335.1312298033.44; __utmz=254918925.1312298033.44.11.utmcsr=sokker.cz|utmccn=(referral)|utmcmd=referral|utmcct=/en/test2; lang=en; FLWSESSID=ddd1bc696f83f5a70b5f0f3ae30b4691; __utma=121955676.1030804516.1282595153.1312390656.1312397285.194; __utmb=121955676.8.10.1312397285; __utmc=121955676; __utmz=121955676.1312397285.194.21.utmcsr=floowie.crmserver.cz|utmccn=(referral)|utmcmd=referral|utmcct=/index.php
Connection: Keep-Alive

Response details
HTTP/1.1 200 OK 
Date: Wed, 03 Aug 2011 19:07:45 GMT
Server: Apache/2.2.16 (Debian)
X-Powered-By: PHP/5.3.5-0.dotdeb.1
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Length: 20
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/json

Did someone see such a behaviour? Is it solvable?

Thank you

Recommended answer

If you want to use AJAX petitions over different domains/subdomains you have to implement Cross Origin Requests.

References:

  • http://hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors/
  • https://developer.mozilla.org/en/http_access_control

Example:

  • http://arunranga.com/examples/access-control/

Your server needs to send these headers:

  • Access-Control-Allow-Origin: test1.floowie.com
  • Access-Control-Allow-Credentials: true // allow cookie/session credentials
  • Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS

You can return the Access-Control-Allow-Origin globally or set it specifically depending on your input Origin ($_SERVER['HTTP_ORIGIN']) request header. The same applies to Access-Control-Allow-Methods.

You must implement the OPTIONS petition. Before the first AJAX call, modern browsers call that URL with an OPTIONS method to retrieve the above headers.

OK, this is the first part; the second is with jQuery. Read this page very carefully: http://api.jquery.com/jQuery.ajax/

You will need to add some options to every AJAX call; you can do it globally:

$(document).ajaxSend(function (event, xhr, settings) {
    settings.xhrFields = {
        withCredentials: true
    };
});

Or specifically:

$.ajax({
    url: a_cross_domain_url,
    xhrFields: {
        withCredentials: true
    }
});

This issue made me lose many hours... hope it helps.

Note that you won't need to set your cookie domain as ".floowie.com" if you want.
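
The answer's server-side advice (setting Access-Control-Allow-Origin from the incoming Origin header together with Access-Control-Allow-Credentials), shown as an added example that is not part of the original answer: it echoes only origins found on an allowlist, because echoing any Origin while allowing credentials lets every site read the logged-in user's responses. The function name, request shape and origins are assumptions made for illustration.

```javascript
// Added example: names and origins below are constructed placeholders.
const ALLOWED_ORIGINS = new Set([
  'http://www.domain1.example',   // the embedding site (scheme + host, no path)
  'https://www.domain1.example',
]);
const ALLOWED_METHODS = ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'];

// req: { method, headers } with lower-cased header names, as Node's http module provides.
function corsHeaders(req) {
  const origin = req.headers['origin'];
  const preflight = req.method === 'OPTIONS' &&
    'access-control-request-method' in req.headers;
  // Vary: Origin keeps shared caches from replaying one origin's headers to another.
  const headers = { 'Vary': 'Origin' };

  // Unknown or missing Origin: send no Access-Control-* headers at all, so the
  // browser refuses to hand the response to the calling page.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return { allowed: false, preflight, headers };
  }
  // Preflight asking for a method we do not offer: same treatment.
  if (preflight &&
      !ALLOWED_METHODS.includes(req.headers['access-control-request-method'])) {
    return { allowed: false, preflight, headers };
  }

  // Credentialed responses must name the exact origin; browsers reject "*"
  // when Access-Control-Allow-Credentials is true.
  headers['Access-Control-Allow-Origin'] = origin;
  headers['Access-Control-Allow-Credentials'] = 'true';
  if (preflight) {
    headers['Access-Control-Allow-Methods'] = ALLOWED_METHODS.join(', ');
  }
  return { allowed: true, preflight, headers };
}

// Constructed sample requests.
const samples = [
  { method: 'GET', headers: { origin: 'http://www.domain1.example' } },
  { method: 'GET', headers: { origin: 'http://other.example' } },
  { method: 'OPTIONS', headers: { origin: 'https://www.domain1.example',
      'access-control-request-method': 'PUT' } },
];
for (const s of samples) console.log(s.method, s.headers.origin, corsHeaders(s));
```

The returned headers are meant to be copied onto the real response; a request from an origin that is not on the list still gets Vary: Origin but nothing that grants access.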
