使用XHR的基本身份验证 [英] Basic authentication using XHR

问题描述

我想从我的服务器得到一些需要基本身份验证的响应。所以当我使用curl作为：

I am trying to get some response from my server which needs basic authentication. So when I use curl as:

curl -u user:pass http://myserver.com/get/send-my-data

这是给我正确的回应。
但是当我使用jquery AJAX创建XHR请求。我有403错误。
这是我的AJAX设置：

It is giving me correct response. But when I am creating an XHR request using jquery AJAX. I am having 403 error. Here is my AJAX setup:

            $.ajax ({
            type: 'GET',
            url: 'http://myserver.com/get/send-my-data',
            beforeSend: function(xhr) {
                xhr.setRequestHeader("Authorization", "Basic" + encode64(user:pass)); // I have calculated base64 encoded value of user:pass correctly.
            },
            success: function(d) { console.log(d); },
            crossDomain: 'true'
        });

我有403回应。这是从curl使用-v选项获取的请求标头。

I am having 403 response. Here is the request header obtained from curl using -v option.

> POST /get/send-my-data HTTP/1.1
**> Authorization: Basic ********** // Removed original code deliberately**
> User-Agent: curl/7.27.0
> Host: localhost:8080
> Accept: */*
> Content-Length: 264
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=----------------------------3c0e06f1e2b4

这是从XHR请求的查询获得的头

Here is the header obtained from charles of my XHR request

OPTIONS /get/send-my-data HTTP/1.1
Host    10.40.55.110:4502
Access-Control-Request-Method   GET
Origin  http://localhost:8080
User-Agent  Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.4 (KHTML,     like Gecko) Chrome/22.0.1229.79 Safari/537.4
**Access-Control-Request-Headers    origin, authorization, accept**
Accept  */*
Referer http://localhost:8080/proof/check.html
Accept-Encoding gzip,deflate,sdch
Accept-Language en-US,en;q=0.8
Accept-Charset  ISO-8859-1,utf-8;q=0.7,*;q=0.3

b $ b

我不明白为什么会发生这种情况？为什么我的XHR请求头没有显示授权头，如curl头显示。请建议我在哪里做错。

I could not understand why this is happening ? WHy my XHR request header is not showing Authorization header like shown in curl header. Please suggest where i am doing wrong.

PS：这是一个跨域请求。

PS: It is a cross domain request.

推荐答案

我面临这个问题，因为我发送一个跨域请求和请求使用POST方法。因此，当我们在跨域服务器上执行POST时，会出现一个 preflight 的概念。

I was facing this issue because i was sending a Cross-domain request and request used POST method. So when we have POST on a cross-domain server, there is a concept of preflight which comes in picture.

在Preflight中，发送选项标题并告知资源上哪个请求将被命中。然后服务器决定是否安全地发送请求。

In Preflight, it just sends the options header and tells the resource on which request is going to be hit. Then server decides if it is safe to send the request or not.

然后如果服务器发送OK，则发送实际请求。
可能是这些行将更具说明性。

And then if server sends OK, actual request is sent. May be these lines will be more explanatory.

预检请求首先通过OPTIONS方法发送HTTP请求到资源其他域，以确定实际请求是否安全发送。
跨站点请求是这样的预检，因为它们可能对用户数据有影响。特别是，如果以下情况，请求被预检：

Preflighted requests first send an HTTP request by the OPTIONS method to the resource on the other domain, in order to determine whether the actual request is safe to send. Cross-site requests are preflighted like this since they may have implications to user data. In particular, a request is preflighted if:

它使用除GET，HEAD或POST之外的方法。此外，如果POST用于发送带有除了application / x-www-form-urlencoded，multipart / form-data或text / plain之外的Content-Type的请求数据，例如如果POST请求使用application / xml或text / xml向服务器发送XML有效负载，则该请求被预检。

It uses methods other than GET, HEAD or POST. Also, if POST is used to send request data with a Content-Type other than application/x-www-form-urlencoded, multipart/form-data, or text/plain, e.g. if the POST request sends an XML payload to the server using application/xml or text/xml, then the request is preflighted.

它在请求中设置自定义标头请求使用诸如X-PINGOTHER之类的标头）

It sets custom headers in the request (e.g. the request uses a header such as X-PINGOTHER)

资料来源：MDN CORS文档

这篇关于使用XHR的基本身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！