Javascript XMLHttpRequest:忽略无效的 SSL 证书
因此,由于安全证书无效,我在从通过 https 连接的设备获取信息时遇到了麻烦。我知道该设备是可信的,但我无权访问服务器端,因此无法更改它。我想知道是否有任何方法可以在 Javascript 中设置 XMLHttpRequest 对象,以忽略无效的 SSL 证书并获取信息。现在看来,它似乎只是拒绝证书并停止。谢谢。
so I have been having trouble with grabbing information from a device that is interfaced with via https due to the fact that it has an invalid security certificate. I know the device is to be trusted and I don't have access to the server-side so I can't change it. I was wondering if there was any way to set up an XMLHttpRequest object in Javascript to just ignore an invalid SSL certificate and just grab the information anyway. As it is now it seems to just reject the certificate and stop. Thanks.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
好吧,我之前已经找到了这个解决方案,但它不起作用,这是因为我仍在使用实际的 XMLHttpRequest 。使用以下语句创建它时:
有一个名为 setOption 的方法可供使用:
使用这些参数,请求现在会忽略无效证书并无论如何获取信息。如果我理解正确的话,这不适用于尝试运行脚本的任何非 Microsoft 技术,但这对于我的项目范围来说是可以的。
Well I had found this solution before but it didn't work, this was because I was still using actual XMLHttpRequest though. When creating it using this statement:
There is a method called setOption that is opened up for use:
With those parameters, the request now ignores the invalid certificate and grabs the information anyway. If I understand correctly this won't work with any non-Microsoft technology trying to run the script, but that's ok for the scope of my project.
不,没有。 XMLHTTPRequest 不允许您覆盖它。能够覆盖 SSL 安全性在您的情况下可能是有意义的,但如果您考虑一下,通常这将是一个坏主意。您永远不会希望允许互联网上的任意 javascript 代码连接到 js 主机(浏览器)知道可能存在 MITM 问题的所谓安全服务。
No, there isn't. XMLHTTPRequest doesn't allow you to override that. Being able to override SSL security might make sense in your case, but if you think about it, it would be a bad idea in general. You'd never want to allow arbitrary javascript code on the internet to connect to a supposedly secure service that the js host (the browser) knows has a possible MITM issue.
,但您不知道您是否真正连接到该设备。
这就是证书的目的。这就是为什么它必须是有效的。
Yes but you don't know whether you are really connected to the device.
That is the purpose of the certificate. That's why it has to be valid.