Ajax请求由于无效的SSL证书而失败? [英] Ajax request failing due to invalid SSL cert?
问题描述
我正在使用jQuery增强我的前端技能,并遇到了一个错误,我希望该错误是由SSL证书问题引起的.
我转到了我尝试使用的API的原始URL,它在chrome中给了我这个警告:
The site's security certificate is not trusted!
You attempted to reach theAPI, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications.
这是我正在使用的基本代码设置(摘自此处):
<body>
<div class="results"></div>
<script>
$( document ).ready(function() {
$.ajax({
url: "https:theAPI",
cache: false,
success: function(html){
$(".results").append(html);
}
});
});
</script>
</body>
我应该进一步调查我的设置,还是SSL证书中存在有效的问题会阻碍我前进?
您有两个问题.首先,自签名证书永远无法在可公开访问的应用程序中使用,因为您将需要每个用户以某种方式接受该证书作为可信证书(就像其他人所说的那样,无法通过AJAX获得该证书).
第二,即使您克服了SSL问题,也可能会遇到跨域请求问题.也就是说,除非您使用JSONP或目标服务器已正确配置了CORS策略(我认为使用自签名证书不是这种情况),否则AJAX不能用于进行跨域调用.
您最好的选择是在您的服务器上公开一个后端API,您可以通过AJAX对其进行调用,然后后端进行跨域调用并响应AJAX请求公开数据.如果有必要,您甚至可以在本地缓存远程调用的结果.
I'm playing with jQuery to strengthen my front end skills and have run into an error that I hope is caused by an SSL cert issue.
I went to the raw url of the API I was trying to use and it gave me this warning in chrome:
The site's security certificate is not trusted!
You attempted to reach theAPI, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications.
Here is the basic code set up I was using (pulled from here):
<body>
<div class="results"></div>
<script>
$( document ).ready(function() {
$.ajax({
url: "https:theAPI",
cache: false,
success: function(html){
$(".results").append(html);
}
});
});
</script>
</body>
Should I investigate my setup more or is there a valid issue from the SSL cert that would roadblock me?
You have two problems. First, the self-signed cert would never work for a publicly accessible application, as you would need each user to somehow accept that cert as trusted (which as others have stated is not possible via AJAX).
Second, even if you get past the SSL problem, you are likely to have a cross-domain request problem. That is, AJAX cannot be used to make cross-domain calls unless you are using JSONP or the target server has properly configured CORS policy (which I would guess is not the case considering the self-signed cert).
Your best bet may be to expose a backend API on your server which you can call via AJAX, with the backend then making the cross-domain call and exposing the data back in response to the AJAX request. You could even cache the results of the remote call locally if it makes sense.
这篇关于Ajax请求由于无效的SSL证书而失败?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
