访问受限的URI被拒绝".代码:"1012" [英] Access to restricted URI denied" code: "1012

问题描述

在域A(localhost:8080)上，我运行以下代码来访问域B(localhost)上未经身份验证的REST服务:

On domain A (localhost:8080) I run this code to access an unauthenticating REST serivce on domain B (localhost):

req = new XMLHttpRequest();
req.open('GET', 'http://localhost/rest/service');
req.send();

这工作正常，并且我在域B上获得了我的响应，因为我在域B上的Apache设置了响应标头:

This works fine and I do get my response across domains as I have Apache on domain B set the response header:

Header set Access-Control-Allow-Origin "http://localhost:8080"

但是，如果我现在打开REST服务的身份验证并尝试运行相同的请求:

However if I now turn on authentication for the REST service and try to run the same request:

req.open('GET', 'http://admin:admin@localhost/rest/service');

它现在在Firebug中产生此错误:

It now produces this error in Firebug:

Access to restricted URI denied" code: "1012

我很困惑，我能够绕过相同的原始策略成功地对身份验证的服务进行跨域ajax调用，但是当服务要求进行身份验证时，Firefox决定不允许ajax调用吗?不使用jsonp等如何解决此问题，因为生产服务器将无法提供PHP或Servlet托管.

I'm confused that I am able to sucessfully make cross domain ajax calls to the authenticated service bypassing the same origin policy, yet when authentication is required on the service Firefox decides not to allow the ajax call? How can I fix this without using jsonp etc, as the production server won't be able to provide PHP or Servlet hosting.

推荐答案

使用JQuery 1.5+很容易，我建议您将其用于JavaScript解决方案:

It's easy with JQuery 1.5+, which I recommend you use for your JavaScript solution:

$.ajax({
    url: 'http://admin:admin@localhost/rest/service',
    crossDomain:true, // Here is the JSONP callback logic 
    success: function(data){
        console.log(data); // data is what comes back from your remote file
    }
});

这篇关于访问受限的URI被拒绝".代码:"1012"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！