如何prevent Safari浏览器截获401响应Ajax请求 [英] How to prevent Safari from intercepting 401 responses to ajax requests
问题描述
我有一个Safari浏览器扩展以下问题。我要求用户提供用户名/密码为Web服务,并发送掀起了快速的要求,以验证证书是正确的。如果不是,该服务将与401回应,因为我相信它应该。问题是,Safari浏览器似乎拦截这种反应在我的javascript code可以处理它,可见让我处理错误的灰色登录框代替。
有什么我能做些什么呢?我使用的是JS库,以拨打电话,但它的功能上等同于以下的jQuery。
$。阿贾克斯({
键入:GET,
网址:网址,
用户名:用户名,
密码:密码,
成功:函数(){/ *手柄成功* /},
错误:函数(){/ *处理错误* /}
});
据我所知(后有过这个问题,我自己)没有办法,你会得到Safari浏览器,停止拦截 401 。如果这些研究结果是正确的,唯一的办法就是创意(读:误)用另一个错误code,例如: 403 ,或使用自定义的(见下文)。
当然,这是假设你有机会改变现状code从Web服务发送回来(它不是从问题完全清楚,如果你开发的Web服务也是如此)。
403 ,当然,真正说你已经通过身份验证,但无权访问该资源,这是不正确的(因此滥用) ,但至少它在浏览器没有副作用,我是知道的。
400 有时被用来作为一种替代,但因为那一个(错误的请求)确实是用来表示一个HTTP协议的错误,它可能会引起副作用(从未见过或听说过它的发生,但潜在的,它可能会导致过有益的尝试一些未来的浏览器或反劫持软件,启动故障/诊断)。
412 是我见过的使用(precondition失败),但它实际上是为了表明另一种选择是,服务器的没有辜负preconditions中的请求的设置。
或者,你可以做你自己的非标准 4XX 错误 - 例如, 461 - 这是允许的(注意,微博具有自定义 420 状态code,例如)
I'm having the following problem in a Safari extension. I ask the user to provide their username/password for a web service and send off a quick request to verify that the credentials are correct. If they are not, the service will respond with a 401 as I believe it should. The problem is that Safari seems to intercept this response before my javascript code can handle it, showing the grey login box instead of letting me handle the error.
Is there anything I can do about this? I'm using a js library to make the call, but it's functionally equivalent to the following jQuery.
$.ajax({
type: "GET",
url: url,
username: username,
password: password,
success: function() { /* handle success */ },
error: function() { /* handle error */ }
});
As far as I'm aware (after having had this issue myself) there's no way you'll get Safari to stop intercepting a 401. If those findings are correct, the only way is creative (read: mis-) use of another error code, e.g. 403, or using a custom one (see below).
Of course, this assumes that you have access to changing the status code sent back from the web service (it's not entirely clear from the question if you developed the web service too).
403, of course, really says "you're already authenticated, but not authorized to access this resource", which isn't correct (hence "misuse"), but at least it has no side effects in browsers that I'm aware of.
400 is sometimes used as an alternative, but since that one ("bad request") is really meant to signify a HTTP protocol error, it may cause side effects (never seen or heard of it happening, but potentially, it might cause an over-helpful attempt by some future browser or anti-hijacking software to start troubleshooting/diagnostics).
412 is another alternative that I've seen used ("precondition failed"), but it actually is meant to indicate that the server didn't live up to the preconditions the request set.
Or you could make up your own non-standard 4xx error - e.g. 461 - which is allowed (notice that twitter has a custom 420 status code, for example)
这篇关于如何prevent Safari浏览器截获401响应Ajax请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
