jQuery AJAX基于SOAP的Web服务和CORS（跨源资源共享） [英] jQuery AJAX SOAP based web services and CORS (cross origin resource sharing)

问题描述

我已经有几个星期，试图从我为我的一个客户编写的jQuery插件中获得一个基于jQuery AJAX SOAP的跨域Web服务。
我做的大部分研究似乎表明这是不可能的，因为CORS或跨源资源共享只允许jasonP（GET）类型调用。

I have for a few weeks now been trying to get one of my jQuery AJAX SOAP based cross domain web service to work from a jQuery plugin I have written for one of my customers. Most of the research I did seemed to indicate that it was not possible because CORS or Cross Origin Resource Sharing would only allow jasonP (GET) type calls.

I have finally figured how to make it work and thought I would share what I had to do.

首先要明白的是，在这种情况下， CORS感知浏览器，其中服务器在另一个域中，GET（除其他参数之外）的任何其他操作都将导致所谓的预检检查。这意味着浏览器会询问服务器允许执行的选项列表。
除非服务器返回允许基于SOAP的Web服务的准确的选项列表，否则调用将在实际请求之前失败。

The first thing to understand is that in a CORS aware browser, where the server is in another domain, anything other that a GET (amongst other parameters) will result in what is called a preflight check. What this means is that the browser will ask the server for a list of options that it is allowed to perform. Unless the server returns the exact list of options to allow a SOAP based web service the call will fail even before the actual request is made.

您需要什么要做的是使Web服务器（在我的示例中是IIS7.5）返回正确的选项列表。

通过在inetpub \ WEBroot文件夹中配置web.config文件（if你没有一个只是创建它，并复制以下到它）。

What you need to do is to make the web server (in my example it's IIS7.5) return the correct list of options.
You do this by configuring the web.config file in the inetpub\wwwroot folder (if you don't have one just create it and copy the following into it).

我的web.config文件看起来像这样。

My web.config file looks like this.

重要的一切都区分大小写 一旦我意识到这一切都正常工作。

Important everything is case sensitive once I realized this everything just worked as expected.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
 <system.webServer>
  <httpProtocol>
   <customHeaders>
    <add name="Access-Control-Allow-Origin" value="*" />
    <add name="Access-Control-Allow-Methods" value="POST, GET, OPTIONS, PUT, DELETE" />
    <add name="Access-Control-Allow-Headers" value="content-type,soapaction,x-requested-with" />      
    </customHeaders>
   </httpProtocol>
        <handlers accessPolicy="Read, Execute, Script" />
 </system.webServer>
</configuration>

我的jQuery AJAX代码看起来像这样。

My jQuery AJAX code looks like this.

var getNextJobId = function()
{
  var se = '';
  se = se + '<?xml version="1.0" encoding="UTF-8" standalone="no"?>';
  se = se + '<soap-env:Envelope xmlns:soap-env="http://www.w3.org/2003/05/soap-envelope">';
  se = se + '<soap-env:Body>';
  se = se + '<ebas:getNextJobIdRequest xmlns:ebas="http://www.ebasetech.com">';
  se = se + '<ebas:ORGCODE>' + plugin.settings.orgcode + '</ebas:ORGCODE>';
  se = se + '</ebas:getNextJobIdRequest>';
  se = se + '</soap-env:Body>';
  se = se + '</soap-env:Envelope>';
  $.ajax(
  {
    url: params.webserviceTargetUrl,
beforeSend: function(xhr)
{
  xhr.setRequestHeader("SOAPAction", "getNextJobId");
},
type: "POST",
dataType: "xml",
data: se,
crossDomain: true,
headers: {"X-Requested-With": "XMLHttpRequest"},
async: false,
success: function(xml)
{
  params.jobId =   $(xml).find("ebas\:JOBID").text();
},
failure: function(xml)
{
  params.webserviceFailure = $(xml).text();
},
      contentType: "charset=UTF-8"
});
}

推荐答案

不可能，因为CORS或跨源资源共享只允许jasonP（GET）类型调用。

"it was not possible because CORS or Cross Origin Resource Sharing would only allow jasonP (GET) type calls."

CORS不限于GET方法，它限制为JSONP风格的调用。

CORS is not limited to GET methods, nor is it it limited to JSONP-style calls.

JSONP是一种技术，Web开发人员在CORS标准化之前使用它，向服务于页面的主机执行AJAX请求。 JSONP通过在页面中插入< script> 标记来实现。它需要服务器参与，通常通过包装JSON结果调用一个函数，通过 callback 参数在AJAX调用中命名。请参阅此答案： what-is-jsonp-all-about 。

JSONP is a technique that web developers used before CORS was standardized, to perform AJAX request to hosts other than the one that served the page. JSONP works by inserting a <script> tag into the page. It requires server participation, usually by wrapping the JSON results in a call to a function, named in the AJAX call via a callback parameter. See this answer: what-is-jsonp-all-about.

正如你所指出的，JSONP仅限于执行GET方法，因为< script> 只执行GET。它也有其他问题，如无法处理错误。例如，如果返回400响应，则脚本不是由浏览器执行，而是执行AJAX调用的JS错误处理程序。

As you pointed out, JSONP is limited to performing a GET method, because <script> only performs a GET. It has other problems, too, such as not being able to handle errors. For example, if a 400 response is returned, the script is simply not executed by the browser, rather than executing a JS error handler for the AJAX call.

CORS是一个新标准。它还需要服务器参与，因为它必须处理预检检查，并使用额外的HTTP头，例如： Access-Control-Allow-Origin ，访问控制允许方法和访问控制允许标头，您在编辑您的问题。它不限于GET方法。相反，它限于由 Access-Control-Allow-Methods 头中的预检检查的结果指定的那些方法。 CORS不需要在回调函数中包装结果或对结果进行任何其他调整，并且它处理错误和其他状态代码。有关详细信息，请参阅此 CORS概述。

CORS is a newer standard. It also requires server participation, in that it must handle the preflight check, and uses extra HTTP headers such as: Access-Control-Allow-Origin, Access-Control-Allow-Methods, and Access-Control-Allow-Headers, which you described well in the edit to your question. It is not limited to GET methods. Rather, it is limited to those methods specified by the results of the preflight check in the Access-Control-Allow-Methods header. CORS does not require the wrapping of results in a callback function or any other adjustment to the results, and it handles errors and other status codes. See this excellent overview of CORS for more information.

这篇关于jQuery AJAX基于SOAP的Web服务和CORS（跨源资源共享）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！