访问被拒绝。请求安全页面时出现JavaScript错误 [英] Access is denied. JavaScript error on request to secured page

问题描述

在页面 SomePage.aspx ，通过JavaScript代码（XMLHttpRequest）我调用 SecuredPage.aspx 使用下一个代码：

On page SomePage.aspx, by JavaScript code (XMLHttpRequest) I call SecuredPage.aspx used next code:

    var httpRequest = GetXmlHttp();
    var url = "https://myhost.com/SecuredPage.aspx";

    var params = "param1=" + document.getElementById('param1').value +
                "&param2=" + document.getElementById('param2').value;

    httpRequest.open("POST", url, true);
    httpRequest.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");

    httpRequest.onreadystatechange = function() {
        //Call a function when the state changes.
        if (httpRequest.readyState == 4 && httpRequest.status == 200) {
            alert(httpRequest.responseText);
        }
    }
    httpRequest.send(params); // HERE ACCESS IS DENIED.

    //---------------------------------------------
    function GetXmlHttp() {
        var xmlhttp = false;
        if (window.XMLHttpRequest) {
            xmlhttp = new XMLHttpRequest();
        }
        else if (window.ActiveXObject)
        // Code for Internet Explorer.
        {
            try {
                xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");
            }
            catch (e) {
                try {
                    xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
                } catch (E) {
                    xmlhttp = false;
                }
            }
        }
        return xmlhttp;
    }

它会抛出访问被拒绝错误。如果发送到http（http://myhost.com/SecuredPage.aspx），它可以正常工作。

It throws an Access is denied error. If send to http (http://myhost.com/SecuredPage.aspx), it works fine.

如何解决此问题？

推荐答案

如果你想获取 HTTPS 页面通过Ajax你需要从同一个域的HTTPS页面进行，没有其他办法，只要你使用Ajax。这是因为相同的原始政策。

If you wish to fetch an HTTPS page via Ajax you need to do it from an HTTPS page on the same domain, there is no other way, as long as you use Ajax. This is because of the same origin policy.

也就是说，有很多方法可以不使用Ajax，例如可以使用框架。

That said, there are plenty of ways to do this not using Ajax, for instance you can use frames.

另一种方法是使用 JSONP ，但这要求你提取，好吧，JSON：）

Another way is to use JSONP, but this requires that you are fetching, well, JSON :)

第三种方式，对生产来说往往不是很有用网站，但仍然可以很有趣，使用 YQL 作为代理。

A third way, that tends not to be very useful for production websites, but still can be fun to tinker around with, is to use YQL as a proxy.

最后，您始终可以设置自己的服务器端代理，以便调用获取HTTPS页面并将其发送的HTTP地址，但这很少是一个很好的解决方案如果可以避免的话。

Lastly you can always set up a serverside proxy of your own, so that you call an HTTP address that fetches the HTTPS page and sends it on, but this is rarely a good solution if it can be avoided.

这篇关于访问被拒绝。请求安全页面时出现JavaScript错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！