What causes this ajax-upload javascript error?
I am trying to upload a file with an AjaxSubmitLink in a multipart form. The file upload itself works fine, but afterwards I get a javascript error in the debug console:
ERROR: Cannot read Ajax response for multipart form submit: SecurityError: Blocked a frame with origin "http://localhost:8888" from accessing a cross-origin frame.
ERROR: Wicket.Ajax.Call.failure: Error while parsing response: No XML response in the IFrame document
What causes this exception? (And how do I fix it?)
My code:
    public class AddAttachmentPanel
        extends Panel
    {
        private static final Logger LOG = LoggerFactory.getLogger( AddAttachmentPanel.class );

        @Inject
        IRemoteIssueService remoteIssueService;

        Form addAttachmentForm;
        FileUploadField fuf;

        public AddAttachmentPanel( String id, IModel<UiIssue> uiIssueModel )
        {
            super( id );
            this.setVisible( false );
            this.setOutputMarkupId( true );
            this.setOutputMarkupPlaceholderTag( true );
            this.addAttachmentForm = new Form<Void>( "addAttachmentForm" )
            {
                private static final long serialVersionUID = 3350671074490969089L;

                @Override
                protected void onError()
                {
                    LOG.error( "Uh oh" );
                }

                @Override
                protected void onSubmit()
                {
                    super.onSubmit();
                    try
                    {
                        File file = AddAttachmentPanel.this.fuf.getFileUpload().writeToTempFile();
                        LOG.info( "Wrote file:" + file.length() );
                    }
                    catch ( Exception e )
                    {
                        // TODO Auto-generated catch block
                        e.printStackTrace();
                    }
                    uiIssueModel.detach();
                    WicketSession.get().info( "Success!" );
                }
            };
            this.addAttachmentForm.setMultiPart( true );
            this.addAttachmentForm.setMaxSize( Bytes.megabytes( Settings.UPLOAD_MAX_MB ) );
            this.fuf = new FileUploadField( "fuf" );
            this.fuf.setRequired( true );
            this.addAttachmentForm.add( this.fuf );
            this.addAttachmentForm.add( new AjaxSubmitLink( "saveAttachmentLink", this.addAttachmentForm )
            {
                private static final long serialVersionUID = 6351225213189683847L;

                @Override
                protected void onAfterSubmit( final AjaxRequestTarget target, final Form<?> form )
                {
                    super.onAfterSubmit( target, form );
                    this.send( this.getPage(), Broadcast.BREADTH, new IssueUpdatedEvent( target, uiIssueModel.getObject() ) );
                }
            } );
            this.add( this.addAttachmentForm );
        }
    }
This was caused by setting X-Frame-Options to DENY (I did this for an OWASP scan).
Changing it to SAMEORIGIN fixed it.
    @Override
    protected WebResponse newWebResponse( WebRequest webRequest, HttpServletResponse httpServletResponse )
    {
        WebResponse response = super.newWebResponse( webRequest, httpServletResponse );
        // Protect against clickjacking:
        // See https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
        // and http://blogs.msdn.com/b/ieinternals/archive/2010/03/30/combating-clickjacking-with-x-frame-options.aspx
        response.addHeader( "X-Frame-Options", "SAMEORIGIN" );
        return response;
    }
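The following is an added example, not code from the original question or answer: a simplified JavaScript model of the browser's framing check, showing why DENY makes the multipart response in the iframe unreadable while SAMEORIGIN keeps it readable and still refuses framing by other sites. The function names and the `https://other.example` origin are assumptions; nested frames and wildcard sources are not modelled.

```javascript
// Simplified model of the browser's framing check: one parent frame,
// exact-origin matching, no wildcard sources.
function parseFrameAncestors(csp) {
  if (!csp) return null;
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null; // no frame-ancestors directive present
}

function mayRenderInFrame(headers, responseOrigin, parentOrigin) {
  const h = {}; // header names are case-insensitive
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  // CSP frame-ancestors, when present, takes precedence over X-Frame-Options.
  const ancestors = parseFrameAncestors(h['content-security-policy']);
  if (ancestors !== null) {
    return ancestors.some(src =>
      src === "'self'" ? parentOrigin === responseOrigin : src === parentOrigin);
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return parentOrigin === responseOrigin;
  return true; // no framing policy at all
}

const APP = 'http://localhost:8888';      // origin from the error message above
const FOREIGN = 'https://other.example';  // constructed third-party origin

// Reports whether the app's own iframe can show the response, and whether
// a foreign page is prevented from framing it (clickjacking defence).
function audit(headers) {
  return {
    iframeUploadReadable: mayRenderInFrame(headers, APP, APP),
    blocksForeignFraming: !mayRenderInFrame(headers, APP, FOREIGN),
  };
}

const policies = { // constructed sample header sets
  deny: { 'X-Frame-Options': 'DENY' },
  sameorigin: { 'X-Frame-Options': 'SAMEORIGIN' },
  cspSelf: { 'Content-Security-Policy': "frame-ancestors 'self'" },
  none: {},
};
for (const [name, headers] of Object.entries(policies)) {
  console.log(name, audit(headers));
}
```

`Content-Security-Policy: frame-ancestors 'self'` expresses the same policy as SAMEORIGIN and can be sent alongside it.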