不能访问授权所需的资源与jQuery的AJAX [英] Not able to access authorization required resource with jquery's ajax

问题描述

我有我的服务器称为sidunhosted.com/ungdav/test.json WebDAV的主机（这是一个虚拟主机）

I have a webdav host on my server called sidunhosted.com/ungdav/test.json (It's a virtual host)

我在 / ungdav / 基本授权。这是我的的.htaccess 文件进行sidunhosted.com/ungdav/。

I have Basic authorization on /ungdav/. This is my .htaccess file for sidunhosted.com/ungdav/ .

AuthType Basic
AuthName "your unhosted data"
AuthUserFile /srv/http/sidunhosted.com/ungdav/.htpasswd

Require valid-user

Header always set Access-Control-Allow-Methods "GET, POST, DELETE, OPTIONS, PUT"
Header always set Access-Control-Allow-Headers "Content-Type, X-Requested-With, X-HTTP-Method-Override, Accept, Authorization"
Header always set Access-Control-Allow-Credentials "true"
Header always set Cache-Control "max-age=0"
Header always set Access-Control-Allow-Origin *

我用下面的jQuery code（与萤火虫）访问资源

I'm using following jQuery code (with firebug) to access the resource

$.ajax({
                        url: "http://sidunhosted.com/ungdav/test.json",
                        cache: false,
                        dataType: "text",
                        headers: {Authorization: "Basic "+btoa("smik:asdf")},
                        fields: {withCredentials: "true"},
                        success: function(text){
                                alert(text);
                        }
});

这工作，如果我在sidunhosted.com互动（转储： HTTP：//paste.pocoo .ORG /显示/ 417127 / ）。但不工作（返回授权必填），如果我打电话从其他网站（转储互动： HTTP ：在Firebug的控制台//paste.pocoo.org/show/417128/ ），即执行此$ C $℃，同时在其他一些网站（已jQuery的加载）

This works if I am on sidunhosted.com (Dump of interaction: http://paste.pocoo.org/show/417127/). But doesn't work(returns Authorization required) if I call that from some other website (Dump of interaction: http://paste.pocoo.org/show/417128/) i.e. execute this code on firebug console while being on some other website (which have jQuery loaded).

推荐答案

终于找到了答案（8小时后） 现在的问题是，对于CORS请求，浏览器必须能够访问OPTIONS和HEAD方法，即使没有验证。因此，为了使上述工作，我们必须绑定需要在＆LT有效的用户; LimitExcept中＆GT; 阻止像这种

Finally found the answer (after 8 hours) The problem is that for CORS requests, the browser must have access to OPTIONS and HEAD method even without authentication. Hence to make the above work, we have to bind the Require valid-user in a <LimitExcept> block like this

<LimitExcept OPTIONS HEAD>
  Require valid-user
</LimitExcept>

这确保浏览器可以读取选项和HEAD未经验证。

This ensures that the browser can read OPTIONS and HEAD without being authenticated.

这篇关于不能访问授权所需的资源与jQuery的AJAX的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！