跨原始资源共享与PrototypeJS [英] Cross Origin Resource Sharing with PrototypeJS
问题描述
我对跨源资源共享和原型有一些麻烦。我对外部资源有一个简单的post请求,对于一个简单的post请求,有一些必须满足的规则:
Content-Type必须是应用程序/ x-www-form-urlencoded,multipart / form-data或text / plain,一个简单的请求不会使用http请求设置自定义标头,并且服务器必须设置Access-Control-Allow-Origin头。 / p>
用一个vanilla JavaScript XMLHttpRequest一切正常,但PrototypeJS它不会工作,因为它的接缝Prototype设置一些自定义标题,我不知道如何防止它。
我在Prototype中尝试了:
new Ajax.Request ('some.foreign-host.com/res.php',{
method:'post',
postBody:'foo = bar',
contentType:'application / x-www -form-urlencoded',
onSuccess:function(e){
// some custom code
}
});
任何想法如何让Prototype发送这样一个简单的CORS请求?
我有一个由平常的 JavaScript XMLHttpRequest 创建的标题的转储:
POST /bthesis/returnJSON.php HTTP / 1.1
主机:foreign-host.com
连接:keep-alive
参考: this-host.com
Content-Length:9
原产地:this-host.com
Content-Type:application / x-www-form-urlencoded; charset = UTF-8
接受:* / *
用户代理:[...]
接受编码:gzip,deflate,sdch
Accept-Language: DE,de; q = 0.8,en-US; q = 0.6,en; q = 0.4
Accept-Charset:ISO-8859-1,utf-8; q = 0.7, $ b
以及由原型请求创建的标题:
选项/bthesis/returnJSON.php HTTP / 1.1
主机:foreign-host.com
连接:keep-alive
参考:this-host.com
访问控制请求方法:POST
原产地:this-host.com
访问控制请求头:X-Prototype-Version, X-Requested-With,Content-type,Accept
Accept:* / *
User-Agent:[...]
Accept-Encoding:gzip,deflate,sdch
Accept-Language:de-DE,de; q = 0.8,en-US; q = 0.6,en; q = 0.4
Accept-Charset:ISO-8859-1,utf-8; q = 0.7, ; q = 0.3
Prototype使用完全不同的标头集... console:
XMLHttpRequest无法加载foreign-host.com/bthesis/returnJSON.php。请求头字段Access-Control-Allow-Headers不允许X-Prototype-Version。
拒绝获取不安全的头X-JSON
奇怪的是,Webserver在这两种情况下都返回请求的资源资源查看开发者控制台在chrome),但它的接缝,原型没有访问它以某种方式
具有相同的问题。链接@mplungjan共享包含答案:
您只需让浏览器知道 x-json
头文件是安全的通过使用 access-control-expose-headers
Rails控制器
headers ['Access-Control-Expose-Headers'] ='x-json'
(这应该很容易翻译成其他编程语言:))
有关此第页
I am having some trouble with Cross Origin Resource Sharing and Prototype. I have a simple post request to a foreign resource, and for a simple post request there are some rules that must be satisfied:
the Content-Type must be on of application/x-www-form-urlencoded, multipart/form-data, or text/plain, a simple request does not set custom headers with the http Request, and the Server must set the Access-Control-Allow-Origin header correct.
with a vanilla JavaScript XMLHttpRequest everything works fine but with PrototypeJS it won't work because it seams Prototype sets some custom headers and I don't know how to prevent it.
I tried it in Prototype via:
new Ajax.Request('some.foreign-host.com/res.php', {
method: 'post',
postBody: 'foo=bar',
contentType: 'application/x-www-form-urlencoded',
onSuccess: function(e){
// some custom code
}
});
Any idea how to get Prototype to send such a simple CORS Request?
I have a dump of the Headers created by a plain JavaScript XMLHttpRequest:
POST /bthesis/returnJSON.php HTTP/1.1
Host: foreign-host.com
Connection: keep-alive
Referer: this-host.com
Content-Length: 9
Origin: this-host.com
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
User-Agent: [...]
Accept-Encoding: gzip,deflate,sdch
Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
and the Headers created by a Prototype Request:
OPTIONS /bthesis/returnJSON.php HTTP/1.1
Host: foreign-host.com
Connection: keep-alive
Referer: this-host.com
Access-Control-Request-Method: POST
Origin: this-host.com
Access-Control-Request-Headers: X-Prototype-Version, X-Requested-With, Content-type, Accept
Accept: */*
User-Agent: [...]
Accept-Encoding: gzip,deflate,sdch
Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Prototype uses a totally different header set... which leads to following error in the console:
XMLHttpRequest cannot load foreign-host.com/bthesis/returnJSON.php. Request header field X-Prototype-Version is not allowed by Access-Control-Allow-Headers. Refused to get unsafe header "X-JSON"
The strange thing is, that the Webserver returns in both cases the requested resource (I see it in the 'Resources' View of the developer console in chrome) but it seams that prototype has no access to it somehow
I'm having the same problem. The link @mplungjan shared contains the answer :
You simply have to let the browser know that the x-json
header is safe by using the access-control-expose-headers
I'm using this line in Ruby on Rails controller
headers['Access-Control-Expose-Headers'] = 'x-json'
(This should be quite easy to translate into other programming languages :) )
More details on this page
这篇关于跨原始资源共享与PrototypeJS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!