CakePHP 403对AJAX请求 [英] CakePHP 403 on AJAX request
问题描述
我想使用AJAX在我的网站上自动填写一个搜索框。我使用firebug来测试我的应用程序。当我尝试搜索的东西,Firebug告诉我,AJAX请求返回403禁止的错误。但是,当我复制AJAX请求中的EXACT URL时,它会返回正确的数据。
I'm trying to use AJAX to autocomplete a search box on my website. I was using firebug to test my application. When I try to search something, Firebug tells me that the AJAX request returned a 403 forbidden error. However, when I copy the EXACT URL that was in the AJAX request, it returns the correct data.
编辑:
我认为这是必须的JavaScript侧。与正常请求相比,AJAX请求中是否可以省略任何头文件?
I think this has to be something on the JavaScript side. Are there any headers that might be omitted with an AJAX request compared to a normal request?
这里是$ _SERVER变量(我删除了两个相同的参数请求)对失败的AJAX请求(1)vs在其中键入URL(2):
Here is the $_SERVER variable (I removed the parameters that were the same on both requests) on an AJAX request that failed (1) vs typing the URL in and it works (2):
(1)
2011-04-02 13:43:07 Debug: Array
(
[HTTP_ACCEPT] => */*
[HTTP_COOKIE] => CAKEPHP=0f9d8dc4cd49e5ca0f1a25dbd6635bac;
[HTTP_X_REQUESTED_WITH] => XMLHttpRequest
[REDIRECT_REDIRECT_UNIQUE_ID] => TZdgK654EmIAAEjknsMAAAFG
[REDIRECT_UNIQUE_ID] => TZdgK654EmIAAEjknsMAAAFG
[REMOTE_PORT] => 60252
[UNIQUE_ID] => TZdgK654EmIAAEjknsMAAAFG
[REQUEST_TIME] => 1301766187
)
(2)
2011-04-02 13:44:02 Debug: Array
(
[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
[HTTP_COOKIE] => CAKEPHP=d8b392a5c3ee8dd948cee656240fd5ea;
[REDIRECT_REDIRECT_UNIQUE_ID] => TZdgYq54EmIAAF7zt6wAAAJJ
[REDIRECT_UNIQUE_ID] => TZdgYq54EmIAAF7zt6wAAAJJ
[REMOTE_PORT] => 60281
[UNIQUE_ID] => TZdgYq54EmIAAF7zt6wAAAJJ
[REQUEST_TIME] => 1301766242
)
推荐答案
解。我将安全级别设置为中等以解决问题。我在config文件夹中找到了这一行。中等安全级别在生产中是否产生任何问题?
I think I found the solution. I set the security level to medium to solve the issue. I found this line in the config folder. Does a medium security level pose any problems in production?
/**
* The level of CakePHP security. The session timeout time defined
* in 'Session.timeout' is multiplied according to the settings here.
* Valid values:
*
* 'high' Session timeout in 'Session.timeout' x 10
* 'medium' Session timeout in 'Session.timeout' x 100
* 'low' Session timeout in 'Session.timeout' x 300
*
* CakePHP session IDs are also regenerated between requests if
* 'Security.level' is set to 'high'.
*/
Configure::write('Security.level', 'medium');
编辑:这绝对是解决方案。以下是发生的情况:
This is definitely the solution. Here's what was happening:
当安全级别设置为高时,每次请求都会生成一个新的会话ID。
When the security level is set to high, a new session ID is generated upon every request.
这意味着当我提出ajax请求时,会生成一个新的会话ID。
That means that when I was making ajax requests, a new session ID would be generated.
如果你停留在同一页面上,JavaScript会发出一个请求,产生一个新的session_id,而不会记录新的session_id。
If you stay on the same page, JavaScript makes a request, which generates a new session_id, and doesn't record the new session_id.
所有后续的ajax请求都使用一个旧的session_id,它被声明为无效,并返回一个空会话。
All subsequent ajax requests use an old session_id, which is declared invalid, and returns an empty session.
这篇关于CakePHP 403对AJAX请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!