jquery $.ajax call results in 401 unauthorized response when in Chrome or Firefox, but works in IE
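I have a script running on a web page that needs to use the jQuery $.ajax method (currently using jQuery 1.7.2) to submit several GET requests to a service endpoint on a different domain. I have the ajax call working in IE (9, 10, 11), but it fails in Firefox and Chrome with a 401 Unauthorized response. Part of the additional error message in Chrome is "Full authentication is required to access this resource".
My ajax call is set up as follows (for these failing requests the data type is "json" and async is true):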
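$.ajax({
    url: url,
    type: "GET",
    async: isAsync,
    dataType: dataType,
    // username/password are handed to XMLHttpRequest.open()
    username: user,
    password: pswd,
    success: function (response, status) {
        // success code here
    },
    // jQuery's setting is `error`; a `failure` key is not a $.ajax option and is never called
    error: function (xhr, status, errorThrown) {
        // failure code here
    },
    complete: function (xhr, status) {
        // on complete code here
    }
});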
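I am passing the username and password required to access the service, and this works in IE. I understood that the jQuery ajax function would handle authentication properly, so that if a response comes back indicating that authorization is required, it will use the supplied credentials to make the request correctly. Am I missing something here? Do I need to add the Authorization header manually for this to work?
Update:
Here is the request, response and cookie information reported by Chrome and IE through the F12 debugging tools (some information replaced with [...removed...])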
Chrome (42.0.2311.90 m)
Response Headers
access-control-allow-credentials:true
access-control-allow-origin:[...removed...]
access-control-expose-headers:
cache-control:private,max-age=0,must-revalidate
connection:keep-alive
content-encoding:gzip
content-length:296
content-type:text/html;charset=ISO-8859-1
date:Tue, 21 Apr 2015 20:55:12 GMT
expires:Tue, 21 Apr 2015 20:55:12 GMT
p3p:CP="NON DSP COR CURa PSAa PSDa OUR NOR BUS PUR COM NAV STA"
set-cookie:JSESSIONID=qd-app-1348vf1vrksvc76oshcwirvjp.qd-app-13;Path=/;Secure;HttpOnly
set-cookie:NSC_vt1.sbmmzefw.dpn!-!IUUQT=ffffffff09091c3945525d5f4f58455e445a4a42378b;path=/;secure;httponly
status:401 Unauthorized
vary:Accept-Encoding
version:HTTP/1.1
www-authenticate:Basic realm="Rally ALM"
Request Headers
:host:rally1.rallydev.com
:method:GET
:path:[...removed...]
:scheme:https
:version:HTTP/1.1
accept:application/json, text/javascript, */*; q=0.01
accept-encoding:gzip, deflate, sdch
accept-language:en-US,en;q=0.8
origin:[...removed...]
referer:[...removed...]
user-agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36
Response Cookies
JSESSIONID qd-app-1348vf1vrksvc76oshcwirvjp.qd-app-13
NSC_vt1.sbmmzefw.dpn!-!IUUQT ffffffff09091c3945525d5f4f58455e445a4a42378b
IE 11
Request Headers
Request GET [...removed...]
Referer [...removed...]
Accept application/json, text/javascript, */*; q=0.01
Accept-Language en-US
Accept-Encoding gzip, deflate
User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host [...removed...]
Connection Keep-Alive
Cache-Control no-cache
Cookie JSESSIONID=qd-app-08xmftgye78tde1b0wzcl2kit4m.qd-app-08; NSC_vt1.sbmmzefw.dpn!-!IUUQT=ffffffff09091c3145525d5f4f58455e445a4a42378b; RALLY-Detail-treeCollapsed=false; ZSESSIONID=RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU; SUBBUCKETID=713
Response Headers
Response HTTP/1.1 200 OK
RallyRequestID qd-app-08xmftgye78tde1b0wzcl2kit4m.qd-app-0810353108
Expires Thu, 01 Jan 1970 00:00:00 GMT
Content-Type text/javascript; charset=utf-8
ETag "0101c2c8d3463ee3c1a4f950d4142b7d3"
P3P CP="NON DSP COR CURa PSAa PSDa OUR NOR BUS PUR COM NAV STA"
Cache-Control private,max-age=0,must-revalidate
Date Tue, 21 Apr 2015 20:58:17 GMT
Connection keep-alive
Set-Cookie ZSESSIONID=RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU;Path=/;Domain=[...removed...];Secure;HttpOnly
Set-Cookie SUBBUCKETID=713;Path=/;Domain=[...removed...];Secure;HttpOnly
Content-Length 319
Cookies
Sent JSESSIONID qd-app-08xmftgye78tde1b0wzcl2kit4m.qd-app-08
Sent NSC_vt1.sbmmzefw.dpn!-!IUUQT ffffffff09091c3145525d5f4f58455e445a4a42378b
Sent RALLY-Detail-treeCollapsed false
Sent ZSESSIONID RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU
Sent SUBBUCKETID 713
Received ZSESSIONID RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU At end of session [...removed...] / Yes Yes
Received SUBBUCKETID 713 At end of session [...removed...] / Yes Yes
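I came across a jQuery forum post that had some additional information about this problem. Based on what I found there, I added this to the $.ajax call:
beforeSend: function (xhr) {
    xhr.setRequestHeader('Authorization', makeBaseAuth(user, pswd));
}
where makeBaseAuth() uses the btoa() function like this: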
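function makeBaseAuth(user, pswd) {
    // Basic credentials are base64("user:password"): an encoding, not encryption
    var token = user + ':' + pswd;
    var hash = "";
    // typeof guard: a bare `if (btoa)` throws a ReferenceError where btoa is not defined
    if (typeof btoa === "function") {
        hash = btoa(token);
    }
    return "Basic " + hash;
}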
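This appears to work in Chrome: I get no login prompt or 401 response, the request is processed, and I get the expected response. I also removed the xhrFields: { withCredentials: true } option, since it did not seem to be necessary. For some reason this still does not work in Firefox, and in the Firefox debugger I can't actually step into the JavaScript to do any decent debugging to see what the problem is; the way this script works, it is loaded into the web page as an anonymous script, and I have no control over that. I have a way to get at the script in IE and Chrome, but for some reason not in Firefox. I'll consider it a win just to have it working in Chrome. Thanks to everyone for nudging me in the right direction!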
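An added example, not part of the original post: a hardened take on the makeBaseAuth() helper above that fails closed instead of returning a bare "Basic ", encodes non-Latin-1 credentials as UTF-8 before btoa(), and refuses non-HTTPS URLs because the header is trivially reversible. The function names basicAuthHeader, parseBasicAuthHeader and ajaxSettingsWithBasicAuth are hypothetical; the header is supplied through jQuery's `headers` setting rather than beforeSend.

```javascript
// Hardened variant of the post's makeBaseAuth(); all function names here are hypothetical.
// Build an HTTP Basic Authorization header value (RFC 7617), failing closed on bad input.
function basicAuthHeader(user, pswd) {
    if (typeof user !== "string" || typeof pswd !== "string" || user === "") {
        throw new TypeError("user and password must be strings, user non-empty");
    }
    // The first ':' splits user-id from password, so the user-id cannot contain one.
    if (user.indexOf(":") !== -1) {
        throw new RangeError("user-id must not contain ':'");
    }
    if (/[\x00-\x1f\x7f]/.test(user + pswd)) {
        throw new RangeError("control characters are not allowed");
    }
    // btoa() rejects code points above 255, so encode to UTF-8 bytes first.
    var bytes = new TextEncoder().encode(user + ":" + pswd);
    var binary = "";
    for (var i = 0; i < bytes.length; i++) {
        binary += String.fromCharCode(bytes[i]);
    }
    return "Basic " + btoa(binary);
}

// Inverse operation: what anyone who can read the header recovers. Base64 is not encryption.
function parseBasicAuthHeader(value) {
    var m = /^Basic ([A-Za-z0-9+\/]+={0,2})$/i.exec(value);
    if (!m) { return null; }
    var binary;
    try { binary = atob(m[1]); } catch (e) { return null; }
    var bytes = new Uint8Array(binary.length);
    for (var i = 0; i < binary.length; i++) { bytes[i] = binary.charCodeAt(i); }
    var text = new TextDecoder("utf-8").decode(bytes);
    var sep = text.indexOf(":");
    if (sep === -1) { return null; }
    return { user: text.slice(0, sep), password: text.slice(sep + 1) };
}

// Plain settings object for $.ajax(); the header goes in `headers` instead of beforeSend.
function ajaxSettingsWithBasicAuth(url, user, pswd) {
    if (!/^https:\/\//i.test(url)) {
        throw new Error("refusing to send Basic credentials to a non-HTTPS URL");
    }
    return {
        url: url,
        type: "GET",
        dataType: "json",
        headers: { Authorization: basicAuthHeader(user, pswd) }
    };
}
// In the page: $.ajax(ajaxSettingsWithBasicAuth(url, user, pswd));
```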