Missing X-Requested-With: XMLHttpRequest (causes 200 OK But Shows as Error?)

Problem description

When I retrieve data from my localhost as JSON everything is OK. When I try to get that JSON data from a remote machine everything is OK too. I can parse the JSON data that comes from my localhost into objects (a datagrid plugin, jqGrid, renders it). However, when I try to use the remote source it doesn't. In Firebug it says 200 OK but it shows an error icon and writes it in red. I checked the differences between my localhost and remote connection headers and I found that this header is not there on the remote connection:

X-Requested-With    XMLHttpRequest

I think the problem may be that. I wasn't setting it and it was working well. It occurs on the remote request.

Any ideas to solve it?

PS: I tried setting Ajax headers but it didn't work:

    $.ajaxSetup({
          headers: {"X-Requested-With":"XMLHttpRequest"}
    });

    $("#userTable").jqGrid({
        url:'http://xx.xx.x.xxx:8080/aa/bb/cc/user',
        colNames:['User Name','Password'],
        colModel:[
            {name:'userName',index:'userName', width:100},
            {name:'password',index:'password', width:55}
        ],
        jsonReader: ...
        ...
    });

When I use that setup I cannot even see the GET request in Firebug.

PS: I use Spring 3 with REST and Tomcat as web server.

Recommended answer

I think that you have the Cross-site scripting issue. The problem can be solved if the server sets some additional options in the HTTP header of the response. So the solution is not in modifying the client code as you currently do, but in the server code.

I recommend you examine the HTTP options which will be set in the HTTP header by tables.googlelabs.com used in the demo from the answer. You will see that the server response has the following additional HTTP options:

X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

and the JSON response will be placed inside the call of the function defined by the jsonCallback parameter. If you use jsonCallback=?, jqGrid will generate the name of the function (something like jQuery16407707202236448429_1319101394784). You can read more about the X-XSS-Protection option here and about the X-Content-Type-Options: nosniff option here.

As you can see in the demo, the data will be displayed in the jqGrid, so the Cross-site scripting can be implemented in the jqGrid.

Because we call the server tables.googlelabs.com, which does not support jqGrid paging and sorting parameters, I used in the demo

    url: 'http://tables.googlelabs.com/api/query?jsonCallback=?',
    postData: "sql=" + encodeURIComponent("SELECT * FROM 333136 LIMIT 10")

The usage of a string instead of an object as the postData value will overwrite any other jqGrid parameters which are typically posted. In your case it will not be needed to do this and probably you just need to use url: 'http://xx.xx.x.xxx:8080/aa/bb/cc/user?jsonCallback=?'.

In any case you need to implement support of JSONP on your server. It means just that the server should "understand" the jsonCallback parameter. The implementation depends on your server side implementation. It could be just the crossDomainScriptAccessEnabled="true" binding setting for the webHttpBinding in case of a WCF service (see here an example of the web.config). See this answer and this one (or this one) additionally for ASP.NET Web services and ASP.NET MVC.
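
What "understanding" the jsonCallback parameter involves on the server, as an added example that is not part of the original answer or of any library named above. It is framework-neutral JavaScript rather than the asker's Spring code; `buildJsonpResponse` and `CALLBACK_RE` are hypothetical names, and the response is returned as a plain object for the caller to write out. Because the callback name is echoed into executable script, it is accepted only when it is identifier-shaped, and the X-Content-Type-Options: nosniff header listed in the answer is sent.

```javascript
// Added example: hypothetical helper names, not jqGrid, jQuery or Spring API.
// Accept only identifier-shaped callback names, such as the ones jQuery
// generates (jQuery16407707202236448429_1319101394784).
const CALLBACK_RE = /^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/;

function buildJsonpResponse(query, data) {
  const callback = query.jsonCallback;
  // U+2028/U+2029 are legal in JSON but ended a line in older JS engines,
  // so they are escaped before the JSON is embedded in a script.
  const json = JSON.stringify(data)
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
  const headers = { "X-Content-Type-Options": "nosniff" };

  if (callback === undefined) {
    // No callback requested: plain JSON for same-origin XMLHttpRequest callers.
    headers["Content-Type"] = "application/json; charset=utf-8";
    return { status: 200, headers: headers, body: json };
  }
  if (typeof callback !== "string" || !CALLBACK_RE.test(callback)) {
    // Never echo an unvalidated callback name back into the response.
    headers["Content-Type"] = "text/plain; charset=utf-8";
    return { status: 400, headers: headers, body: "invalid jsonCallback" };
  }
  // The response is a script, so it is labelled as one. The leading /**/
  // keeps the caller-chosen name from being the first bytes of the body.
  headers["Content-Type"] = "application/javascript; charset=utf-8";
  return {
    status: 200,
    headers: headers,
    body: "/**/" + callback + "(" + json + ");"
  };
}

// Constructed sample request and data, for illustration only.
const sample = buildJsonpResponse(
  { jsonCallback: "jQuery16407707202236448429_1319101394784" },
  { rows: [{ userName: "alice" }] }
);
console.log(sample.status, sample.headers["Content-Type"]);
console.log(sample.body);
```

JSONP hands the calling page whatever script the server returns, so it only suits data that any site may read.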
