如何向 DOM 表单元素添加授权标头?
我正在尝试将文件上传到服务器,并按如下方式设置 DOM 元素:
_uploadForm = document.createElement("form");
_uploadForm.method = "POST";
_uploadForm.action = "#";
if(_isBrowser.IE)
_uploadForm.encoding = "multipart/form-data";
else
_uploadForm.enctype = "multipart/form-data";
我的服务器需要 http 基本授权标头。我怎样才能通过这个 DOM 元素传递它?
I am trying to upload a file to a server, and have my DOM element setup as such:
_uploadForm = document.createElement("form");
_uploadForm.method = "POST";
_uploadForm.action = "#";
if(_isBrowser.IE)
_uploadForm.encoding = "multipart/form-data";
else
_uploadForm.enctype = "multipart/form-data";
My server requires an http basic authorization header. How can I pass that through this DOM element?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您的 JavaScript 客户端在提交表单时必须添加标头。
我不确定您正在使用哪个 javacript 客户端库,但是像 Angular 这样的东西确实允许您设置默认标头,甚至可以在发送之前添加可以添加标头的拦截器。
Your javascript client is going to have to add headers when submitting the form.
I am not sure which javacript client lib you are using, but things like angular do allow you to set default headers or even have interceptors that can add headers before sending.
DOM 元素与授权无关,它们只是浏览器内部各种 html 标签的表示。服务器要求授权 - 如果页面位于受保护区域中,那么服务器将要求凭据,这与表单本身无关。
DOM elements have nothing to do with authorization, they're just the internal browser's representation of the various html tags. Authorization is demanded by the server - if the page is in a protected area, then the server will demand credentials, and that has nothing to do with the form itself.
最简单的方法是从同一文件夹提供上传表单和上传处理程序,并使用 .htaccess 对两者强制进行基本身份验证。然后,在加载上传表单时,浏览器会自动请求凭据,并且凭据将随上传一起自动发送(我相信)。
但是,最好的选择是根本不使用 HTTP Basic 身份验证。它会在每次请求时以明文形式发送密码,除非您使用 SSL,而且一般来说,使用起来很麻烦。
如果您坚持使用Basic,我相信可以使用ActionScript(编译为SWF)来完成。我还知道一种在 AJAX 调用上设置授权标头的方法,但是您无法使用 AJAX 调用上传文件,并且浏览器不记得通过 AJAX 调用发送的授权标头。
The easiest way is to serve the upload form and the upload handler from the same folder, and use .htaccess to force Basic authentication for both. Then the browser automatically requests credentials when the upload form is loaded, and the credentials would be sent automatically with the upload (I believe).
However, your best bet is not to use HTTP Basic authentication at all. It sends passwords in clear text on every request unless you're using SSL, and in general, it is a hassle to use.
If you insist on using Basic, I believe it can be done with ActionScript (compiled to an SWF). I also know a way to set an Authorization header on an AJAX call, but you can't upload a file with an AJAX call, and the browser does not remember Authorization headers sent via an AJAX call.