浏览器不遵循来自AJAX响应的重定向(PHP生成的响应正在使用CAS身份验证) [英] Browser doesn't follow redirect from an AJAX response (PHP-generated response is using CAS authentication)
问题描述
好的,看来我在最初的问题上犯了一个错误.因此,这里有一些更正.答案仍然适用,因为当HTTPS(SSL)协议更改时,第二个重定向将停止.
Ok, It looks like I made a mistake with my initial question. So, here are some corrections. The answer still applies, because the second redirect is stopped when there is a change in protocol to HTTPS (SSL).
就我而言,我有多次重定向,浏览器没有遵循第二个重定向. 遵循第一个重定向,但返回错误.
In my case, I have a redirect occurring multiple times, and the browser doesn't follow the second redirect. The first redirect is followed but returns an error.
我一直在阅读包含重定向的JavaScript AJAX响应会被自动跟踪,但就我而言,情况似乎并非如此.浏览器将自动跟随第一个重定向,并且返回第一个重定向,而无需遵循标题中的第二个重定向.我的问题是我希望所有重定向都被浏览器自动跟随.
I keep reading that JavaScript AJAX responses containing redirects are followed automatically, but it look like not in my case. The first redirect is automatically followed by the browser, and the first redirect is returned without following the second redirect in the header. My problem is that I want all the redirects to be automatically followed by the browser.
重定向是phpCAS库的一部分.我有一个用PHP编写的API,它每次返回结果前都会检查用户身份验证.
The redirects are part of the phpCAS library. I have an API written in PHP which checks the user authentication, each time, before returning the results.
这是序列.需要注意的主要事情是浏览器在执行1次重定向后返回第二个响应.我希望它一直执行并在我对localhost/example/api进行AJAX调用时返回最后一个响应.
Here is the sequence. The main thing to note is that the browser returns the second response, after following 1 redirect. I would prefer it went all the way and returned the last response when I make an AJAX call to localhost/example/api.
本地主机/示例
- 使用jQuery.ajax()调用
localhost/example/api
响应1:localhost/example/api
- 重定向到
https://localhost/accounts/cas/login?service=api.example.com&gateway=true(使用SSL).
- Redirects to
https://localhost/accounts/cas/login?service=api.example.com&gateway=true(using SSL).
响应2:(SSL)localhost/accounts/cas/login?service = api.example.com& gateway = true
- 如果存在查询键网关",则登录名将直接重定向回服务"键提供的URL(带或不带票证)(以向服务表明用户已登录或未登录)./li>
- When the query key 'gateway' is present, the login simply redirects back to the URL provided by the 'service' key with or without a ticket (to signal to service that the user is either logged in or not).
响应3:localhost/api?ticket = TICKET
- 验证票证并重定向到本身而不包含票证.
响应4:localhost/api
- 这次,CAS客户端查看$ _SESSION来记住票证是什么,然后处理返回JSONP的API请求.
我没有通过OpenID或OpenAuth(orization)使用CAS的特殊原因. CAS只是我能够在WordPress中使用的第一个身份验证模块.对于使用其他身份验证库,CMS,框架等方面的建议,我持开放态度.尽管如此,我希望只是完成此项目.因此,重新设计的次数越少越好.
There's no particular reason I'm using CAS over OpenID or OpenAuth(orization). CAS was just the first authentication module I was able to get working in WordPress. I am open to suggestions in terms of using a different authentication library, CMS, framework, etc. Although, my hope is to just get this project finished. So the less re-tooling the better.
推荐答案
As you later found yourself as you added in your comments, ajax requests are subject to same origin policy.
是的,您可以使用JSONP-但是,如果您有幸仅支持IE8及更高版本,请 CORS 可能是一个更好的解决方案.
Yes, you could use JSONP - however, if you are fortunate enough to have to support only IE8 and upwards, CORS might be a better solution.
基本上,添加标题,例如
Basically, adding headers such as
access-control-allow-origin: http://api.example.com
access-control-allow-credentials: true
对于服务器答案,您可以解决跨源策略.
to your server answer, you could work around cross origin policy.
也请参见 jQuery票证,使其可以与jQuery一起使用.
Also see this jQuery ticket to make it kinda work with jQuery.
这篇关于浏览器不遵循来自AJAX响应的重定向(PHP生成的响应正在使用CAS身份验证)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
