jquery $.ajax call results in 401 unauthorized response when in Chrome or Firefox, but works in IE


Problem description

I have a script running on a web page that needs to use the jQuery $.ajax method (currently using jquery 1.7.2) to submit several GET requests to a service endpoint on a different domain. I have the ajax call working in IE (9, 10, 11), but it fails with a 401 Unauthorized response in Firefox and Chrome. Part of the additional error message in Chrome is "Full authentication is required to access this resource".

My ajax call is set up like this (dataType is "json" for these requests that fail, and async is true):

    $.ajax({
      url: url,
      type: "GET",
      async: isAsync,
      dataType: dataType,
      username: user,
      password: pswd,
      success: function (response, status) {
         // success code here
      },
      // jQuery's option for the failure callback is "error"; a "failure" key is silently ignored
      error: function (xhr, status, errorThrown) {
         // failure code here
      },
      complete: function (xhr, status) {
         // on complete code here
      }
    });

I am passing in the username and password required to access the service and this works in IE. I was understanding that the JQuery ajax function would handle the authentication correctly, so if a response comes back indicating that authorization is required, it would use the credentials that were provided to make that request correctly. Am I missing something here? Do I need to manually add the Authorization header for this to work?

UPDATE: Here is the request, response, and cookie info reported by Chrome and IE via the F12 debugging tools (some info replaced with [...removed...])

Chrome(42.0.2311.90 m)


Response Headers

    access-control-allow-credentials:true
    access-control-allow-origin:[...removed...]
    access-control-expose-headers:
    cache-control:private,max-age=0,must-revalidate
    connection:keep-alive
    content-encoding:gzip
    content-length:296
    content-type:text/html;charset=ISO-8859-1
    date:Tue, 21 Apr 2015 20:55:12 GMT
    expires:Tue, 21 Apr 2015 20:55:12 GMT
    p3p:CP="NON DSP COR CURa PSAa PSDa OUR NOR BUS PUR COM NAV STA"
    set-cookie:JSESSIONID=qd-app-1348vf1vrksvc76oshcwirvjp.qd-app-13;Path=/;Secure;HttpOnly
    set-cookie:NSC_vt1.sbmmzefw.dpn!-!IUUQT=ffffffff09091c3945525d5f4f58455e445a4a42378b;path=/;secure;httponly
    status:401 Unauthorized
    vary:Accept-Encoding
    version:HTTP/1.1
    www-authenticate:Basic realm="Rally ALM"

Request Headers

    :host:rally1.rallydev.com
    :method:GET
    :path:[...removed...]
    :scheme:https
    :version:HTTP/1.1
    accept:application/json, text/javascript, */*; q=0.01
    accept-encoding:gzip, deflate, sdch
    accept-language:en-US,en;q=0.8
    origin:[...removed...]
    referer:[...removed...]
    user-agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36

Response Cookies

    JSESSIONID                      qd-app-1348vf1vrksvc76oshcwirvjp.qd-app-13
    NSC_vt1.sbmmzefw.dpn!-!IUUQT    ffffffff09091c3945525d5f4f58455e445a4a42378b

IE 11


Request Headers

    Request            GET [...removed...]
    Referer            [...removed...]
    Accept             application/json, text/javascript, */*; q=0.01
    Accept-Language    en-US
    Accept-Encoding    gzip, deflate
    User-Agent         Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host               [...removed...]
    Connection         Keep-Alive
    Cache-Control      no-cache
    Cookie             JSESSIONID=qd-app-08xmftgye78tde1b0wzcl2kit4m.qd-app-08; NSC_vt1.sbmmzefw.dpn!-!IUUQT=ffffffff09091c3145525d5f4f58455e445a4a42378b; RALLY-Detail-treeCollapsed=false; ZSESSIONID=RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU; SUBBUCKETID=713

Response Headers

    Response          HTTP/1.1 200 OK
    RallyRequestID    qd-app-08xmftgye78tde1b0wzcl2kit4m.qd-app-0810353108
    Expires           Thu, 01 Jan 1970 00:00:00 GMT
    Content-Type      text/javascript; charset=utf-8
    ETag              "0101c2c8d3463ee3c1a4f950d4142b7d3"
    P3P               CP="NON DSP COR CURa PSAa PSDa OUR NOR BUS PUR COM NAV STA"
    Cache-Control     private,max-age=0,must-revalidate
    Date              Tue, 21 Apr 2015 20:58:17 GMT
    Connection        keep-alive
    Set-Cookie        ZSESSIONID=RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU;Path=/;Domain=[...removed...];Secure;HttpOnly
    Set-Cookie        SUBBUCKETID=713;Path=/;Domain=[...removed...];Secure;HttpOnly
    Content-Length    319

Cookies

    Sent      JSESSIONID                      qd-app-08xmftgye78tde1b0wzcl2kit4m.qd-app-08
    Sent      NSC_vt1.sbmmzefw.dpn!-!IUUQT    ffffffff09091c3145525d5f4f58455e445a4a42378b
    Sent      RALLY-Detail-treeCollapsed      false
    Sent      ZSESSIONID                      RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU
    Sent      SUBBUCKETID                     713
    Received  ZSESSIONID                      RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU    At end of session    [...removed...]    /    Yes    Yes
    Received  SUBBUCKETID                     713    At end of session    [...removed...]    /    Yes    Yes


Recommended answer

I came across a jquery forum post that had some additional information regarding this issue. Based on what I found there, I added this to the $.ajax call:

    beforeSend: function (xhr) {
       xhr.setRequestHeader('Authorization', makeBaseAuth(user, pswd));
    }

where makeBaseAuth() uses the btoa() function like this:

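    function makeBaseAuth(user, pswd) {
       var token = user + ':' + pswd;
       // typeof check: a bare `if (btoa)` throws a ReferenceError where btoa is undefined
       if (typeof btoa !== "function") {
          // fail loudly instead of sending "Basic " with an empty credential
          throw new Error("btoa() is not available in this browser");
       }
       // btoa() only accepts Latin-1 characters
       return "Basic " + btoa(token);
    }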

That appears to be working in Chrome now, I'm not getting a login prompt or a 401 response, the request is going through and I get the expected response. I also removed the option xhrFields: { withCredentials: true } as that didn't appear to be necessary. For some reason this isn't working in Firefox yet, and in the Firefox debugger I can't actually get at the javascript to do any decent debugging to see what the problem is, the way this script works is it's loaded into a web page as an anonymous script and I don't have any control over that. I have a way to get at the script in IE and Chrome, but not Firefox for some reason. I'll consider this a win just getting it to work in Chrome, thanks to everyone for prodding me in the right direction!
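
An added example, not part of the original answer or of jQuery: a stricter header builder for the same preemptive Basic approach, assuming a runtime that provides TextEncoder, TextDecoder and URL. The names buildBasicAuth, authHeaderFor and decodeBasicAuth are hypothetical; it goes beyond the answer by encoding credentials as UTF-8, rejecting a colon in the user name, refusing non-HTTPS URLs, and showing that the header decodes straight back to the password.

```javascript
// Added example (hypothetical names); credentials used with it are constructed samples.

function utf8ToBase64(text) {
  // btoa() only accepts code points 0-255, so convert to UTF-8 bytes first.
  if (typeof btoa !== "function") {
    throw new Error("btoa() unavailable: cannot build Authorization header");
  }
  const bytes = new TextEncoder().encode(text);
  let binary = "";
  for (const b of bytes) binary += String.fromCharCode(b);
  return btoa(binary);
}

function buildBasicAuth(user, pswd) {
  if (typeof user !== "string" || typeof pswd !== "string" || user === "") {
    throw new TypeError("user and pswd must be strings, user non-empty");
  }
  // RFC 7617: the server splits on the first ':', so the user-id cannot contain one.
  if (user.includes(":")) throw new Error("user-id must not contain ':'");
  return "Basic " + utf8ToBase64(user + ":" + pswd);
}

function authHeaderFor(url, user, pswd) {
  // Base64 is an encoding, not encryption: only attach credentials to https URLs.
  if (new URL(url).protocol !== "https:") {
    throw new Error("refusing to send Basic credentials to " + url);
  }
  return { Authorization: buildBasicAuth(user, pswd) };
}

function decodeBasicAuth(headerValue) {
  // What any proxy, log or script that sees the header can recover.
  const m = /^Basic ([A-Za-z0-9+/=]+)$/.exec(headerValue);
  if (!m) return null;
  const bytes = Uint8Array.from(atob(m[1]), (c) => c.charCodeAt(0));
  const text = new TextDecoder().decode(bytes);
  const i = text.indexOf(":");
  return i < 0 ? null : { user: text.slice(0, i), pswd: text.slice(i + 1) };
}
```

In the beforeSend callback above, the value would be set with xhr.setRequestHeader('Authorization', buildBasicAuth(user, pswd)).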
