抑制浏览器的身份验证对话框
我很抱歉已经有类似的问题,但我想更广泛地提出这个问题。
有没有什么方法可以在 Web 应用程序的客户端确定请求资源是否会返回 401 状态代码并导致浏览器显示丑陋的身份验证对话框?
或者,是否有任何方法可以在 Flash 中加载 mp3 音频资源,在出现 401 状态代码的情况下会隐性失败,而不是让浏览器显示丑陋的对话框?
如果我设置 URLRequest 对象的“authenticate”属性,Adobe Air 运行时将抑制身份验证,但该属性不在 Flash 运行时中。 任何适用于客户端的解决方案都可以。 XMLHttpRequest 不太可能起作用,因为问题中的资源位于不同的域。
不可见的失败很重要,因为应用程序将有一个包含许多音频资源的列表可供尝试,当有许多其他可用资源时,打扰用户尝试和验证其中一个资源是没有意义的。 该解决方案在客户端上运行非常重要,因为有问题的 mp3 来自我无法控制的各种服务器。
I apologize that there is a similar question already but I'd like to ask it more broadly.
Is there any way at all to determine on the client side of a web application if requesting a resource will return a 401 status code and cause the browser to display an ugly authentication dialog?
Or, is there any way at all to load an mp3 audio resource in flash which fails invisibly in the case of a 401 status code rather than letting the browser show an ugly dialog?
The Adobe Air run-time will suppress the authentication if I set the "authenticate" property of the URLRequest object but this property is not in the Flash run-time. Any solution which works on the client will do. An XMLHttpRequest is not likely to work as the resources in questions will be at different domains.
It is important to fail invisibly because the application will have a list of many audio resources to try and it makes no sense to bother the user to try and authenticate for one when there are many others available. It is important that the solution work on the client because the mp3's in question come from various servers outside my control.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
我在 twitter api 上遇到了同样的问题 - 任何受保护的用户都需要客户端进行身份验证。
我能想到的唯一解决方案是在服务器端加载页面并返回带有 http 响应代码的 url 列表。
I'm having the same problem with the twitter api - any protected user requires the client to authenticate.
The only solution that I could come up with was to load the pages serverside and return a list of the urls with their http response code.
“有没有什么方法可以在 Web 应用程序的客户端确定请求资源是否会返回 401 状态代码并导致浏览器显示丑陋的身份验证对话框?”
不,一般来说不是。 401 响应是服务器指示需要进行身份验证的唯一标准方式。
"Is there any way at all to determine on the client side of a web application if requesting a resource will return a 401 status code and cause the browser to display an ugly authentication dialog?"
No, not in general. The 401 response is the only standard way for the server to indicate that authentication is necessary.
只需将对可能需要对 Ajax 调用进行身份验证的资源的访问进行包装即可。 您可以捕获响应代码,并使用 javascript 执行您想要的任何操作(即播放声音)。 如果响应代码正确,则使用 javascript 将用户转发到该资源。
这种方法很可能会在服务器上产生稍多的负载(在某些情况下您可能不得不多次加载相同的资源),但它应该可以工作。 任何有关如何使用 XMLHttpRequest 的优秀教程都应该包含您需要的所有内容。 例如看一下 http://www.xul.fr/en-xml- ajax.html
Just wrap your access to the resource that might potentially require authentication to an Ajax call. You can catch the response code, and use javascript to do whatever you want (ie. play that sound). If the response code is however alright, then use javascript to forward user to the resource.
Most likely this approach will generate slightly more load on server (you might have to resort to loading the same resource several times in some circumstances), but it should work. Any good tutorial about how to use XMLHttpRequest should contain all you need. Take a look at for instance http://www.xul.fr/en-xml-ajax.html
如果您使用 URLRequest 来获取文件,那么您遇到的不仅仅是优雅的错误处理,您还会遇到 Flash 和 AIR 运行时的根本差异。
如果使用 URLRequest 对象检索文件,则在向未设置策略文件以允许此类请求的每台服务器发出每个请求时,Flash 都会出现安全错误。 AIR 允许这些请求,因为它基本上就是客户端。 这是有道理的,因为这是安装应用程序和访问网页之间的区别。
我不想提供非答案,但如果您无法进行服务器端调用,并且您正在访问一系列“未知”服务器,那么这将是一条艰难的道路。
但也许我误解了,您只是想链接到文件并防止用户获得错误链接,还是想实际加载文件?
If you are using URLRequest to get the files, then you are running across more than just elegant error handling, you are running into a fundamental difference in the Flash and AIR run-times.
If using the URLRequest object to retrieve files you are going to get a security error from Flash on every request to every server that has not set a policy file to allow these sort of requests. AIR allows these requests since it basically IS the client. This makes sense since it's the difference between installing an application and visiting a web page.
I hate to provide the non-answer, but if you can't make a server-side call, and you are hitting a range of "not-known" servers, it's going to be a tough road to hoe.
But maybe I misunderstand, are you just trying to Link to the files and prevent the user from getting bad links, or are you trying to actually load the files?