为什么JSONP呼叫不能返回403，但仍可以在浏览器中访问URL [英] Why Does JSONP Call Return Forbidden 403 Yet URL can be accessed in a browser

问题描述

我知道有几个与此有关的问题，但是我找不到他们的答案.另外，我想再澄清一下.

I know there are several questions related to this-- but I couldn't find my answer with them. Plus I wanted a bit more clarification.

我正在本地运行Rails应用程序，该应用程序对用作API的sinatra应用程序进行jsonp调用.

I am running a rails app locally which makes a jsonp call to a sinatra application which is being used as an API.

当我将此URL放入浏览器时，最终得到正确的响应，但是当我使用$ .getJSON通过jQuery进行此调用时，出现了403错误.我知道$ .getJSON根据具有callback =?的网址发出jsonp请求.参数.

When I put this URL in my browser I end up getting the correct response, yet when I make this call through jQuery using $.getJSON I get a forbidden 403 Error. I understand that the $.getJSON is making a jsonp request based on the url having callback=? parameter.

我正在尝试找出导致403错误的原因. api应用程序上是否存在一些默认配置，因为从包含的脚本标签中请求了脚本，所以拒绝了请求?

I'm trying to figure out what is causing the 403 Error. Is there some default configuration on the api application that is refusing the request because the script is being requested from an included script tag?

现在，api请求返回json数据.我认为查看回调参数并构造一个实际调用回调的响应是我的责任...

Right now the api request return json data. I assume it's my responsibility to look at the callback parameter and construct a response that actually calls the callback...

因此，如果url是 http://myapi.com?callback=blah ，那么我应该是返回类似的内容:

so if url was http://myapi.com?callback=blah, then I should be returning something like:

blah({foo:'bar'})

blah({foo: 'bar'})

但是我不确定403到底是什么.如果返回的是api服务器，那么它试图防止什么?

But I don't know exactly what the 403 is all about. If it's the api server that is returning, then what is it trying to protect against?

这是jsonp调用的示例:

here is an example of what the jsonp call looks like:

$.getJSON( 'http://myapi.com?callback=?', {biz: 'buzz'})

我看到了有关为跨源关注点设置标头的帖子-但不确定为什么jsonp请求需要这样做.

I see posts about setting headers for cross origin concerns-- but not sure why this is needed for jsonp request.

推荐答案

您需要在sinatra api应用程序中添加jsonp支持.

You need to add jsonp support to your sinatra api application.

这是向sinatra应用程序添加jsonp支持的一种方法

Here is one way of adding jsonp support to your sinatra app

将机架变形宝石添加到您的Gemfile

Add rack-contrip gem to your Gemfile

gem 'rack-contrib'

将以下内容添加到您的config.ru

Add following to your config.ru

require 'rack/contrib'
use Rack::JSONP

重新启动您的sinatra应用程序并开始从javascript测试jsop

Restart your sinatra app and start testing jsop from javascript

这篇关于为什么JSONP呼叫不能返回403，但仍可以在浏览器中访问URL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！