根据请求访问WEB API服务调用限制 [英] Access restriction of WEB API service call based on request

问题描述

When we access the WEB API service methods from a web application through Ajax calls, will there be any access restrictions for the following scenarios

"HTTPS" Web application accessing an "HTTP" WEB-API
 
"HTTP" Web application accessing an "HTTPS" WEB-API

Will there be any impact on request application or context, either it Http or Https the web API will behave same.

Please advice.

我尝试过的事情：



使用ajax调用从Web应用程序访问跨域Web服务。



即使在指定十字架后，身份验证也会被拒绝已启用域功能。



我的一位朋友建议从普通HTTP应用程序访问SSL安全Https服务时可能会出现问题。

What I have tried:

Access a cross domain web service from a web application using ajax call.

Authentication is denied even after specifying the cross domain feature enabled.

One of my friend suggested there may be issue while accessing a SSL secured Https service from an normal HTTP application.

推荐答案

通过HTTPS提供的页面不应该能够访问通过HTTP提供的API，因为这不安全。



A通过HTTP提供的页面将能够访问通过HTTPS提供的API。



但是，这不太可能是问题所在。听起来您正在尝试访问不会发送 Access-Control-Allow-Origin 标头的API，因此无法从您页面上运行的脚本中获取该标头。



如果您不控制托管远程API的站点，您唯一的选择是在您自己的站点上创建一个代理API，从您的服务器发出API请求。你如何做到这将取决于你正在使用的服务器端技术。

A page served over HTTPS should not be able to access an API served over HTTP, as this would not be secure.

A page served over HTTP will be able to access an API served over HTTPS.

However, this is unlikely to be the problem. It sounds like you're trying to access an API which does not send the Access-Control-Allow-Origin header, and is therefore not available from script running on your page.

If you don't control the site hosting the remote API, your only option is to create a proxy API on your own site which makes the API request from your server. How you do that will depend on what server-side technology you're using.

这篇关于根据请求访问WEB API服务调用限制的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！