jqXHR - http-status-code-403(但状态代码为0)
我得到状态代码 0 ...但它是代码 403。 有人能告诉我问题是什么吗?
JQUERY
var jqxhr = $.ajax({
url: 'http://gdata.youtube.com/feeds/api/users/bernd/favorites?alt=json',
dataType: 'json'
}).success(function(xhr) {
alert(xhr.status);
}).error(function(xhr) {
alert(xhr.status);
return false;
})
DEMO -> http://jsfiddle.net/QFuBr/
提前致谢!
彼得
i get the statuscode 0 ... but it is the code 403.
Can someone tell me what the problem is?
JQUERY
var jqxhr = $.ajax({
url: 'http://gdata.youtube.com/feeds/api/users/bernd/favorites?alt=json',
dataType: 'json'
}).success(function(xhr) {
alert(xhr.status);
}).error(function(xhr) {
alert(xhr.status);
return false;
})
DEMO -> http://jsfiddle.net/QFuBr/
Thanks in advance!
Peter
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
服务器向浏览器发出 403 错误,因为您无权访问该资源,因为报告的错误消息(“请求用户的收藏夹不公开。”)。
但是,服务器甚至没有获取 jsFiddle 示例中的请求。
不允许您发出跨浏览器 AJAX 请求。这称为同源策略。这是出于安全原因,防止恶意编码者在您不知情的情况下做出令人不快的事情。这是一种生硬的工具,但却是一种有效的工具。
当您甚至没有向服务器发送请求时,就没有状态代码。 XMLHTTPRequest 对象(及其 jqXHR 包装器)将其报告为
0。基本上,您无法在浏览器中执行您想要执行的操作。
如果您需要浏览器异步访问这样的数据,则需要在服务器上编写一个包装器以从远程服务器获取信息并将其提供给浏览器。有一个解决方法(称为 JSONP – JSON with Padding)
但我不相信 YouTube 支持它。编辑:Per gradbot的答案,可以通过更改代码将
dataType设置为jsonp来执行 JSONP 请求。但是,您现在无法使用
xhr.status。这是因为 JSONP 不使用 XHR 对象,因此没有可检查的状态。这是一个使用建议的 feed gradbot 的工作示例。请注意,结果对象被传递给处理程序,而不是 jqXHR 对象。
The server gives a 403 error to a browser, because you don't have permission to access the resource, because of the error message reported ("Favorites of requested user are not public.").
However, the server doesn't even get the request in the jsFiddle example.
You aren't allowed to make cross-browser AJAX requests. This is called the same-origin policy. It is for security reasons, to prevent malicious coders from doing unpleasant things without your knowledge. It's a blunt tool, but an effective one.
When you don't even get as far as sending a request to the server, there is no status code. This gets reported by the XMLHTTPRequest object (and its jqXHR wrapper) as
0.Basically, you can't do what you're trying to do in the browser.
If you need the browser to access data like this asynchronously, you'll need to write a wrapper on your server to fetch the information from the remote server and feed it to the browser. There is a workaround (it's called JSONP – JSON with Padding)
but I don't believe YouTube supports it.Edit: Per gradbot's answer, it is possible to do a JSONP request by changing your code to set
dataTypetojsonp.However, you won't now be able to use
xhr.status. This is because JSONP does not use the XHR object, so there is no status available to check.Here's a working example using the feed gradbot suggested. Note that the result object is passed to the handler, rather than the jqXHR object.
您需要设置
dataType: "jsonp"并且需要以您尝试从中获取收藏夹的用户身份登录。在本例中,我使用自己的用户名grabot,并且警报成功返回。如果您尝试访问的帐户没有有效的 Cookie,则 API 调用将返回
403,内容为“请求用户的收藏夹不公开。”You need to set
dataType: "jsonp"and you need to be logged in as the user you are trying to get favorites from. In this case I use my own username grabot and the alert comes back as success.If you don't have a valid cookie for the account your trying to access then the api call will return a
403with the content"Favorites of requested user are not public."403 是因为您需要为正在访问视频的用户提供凭据。假设提供了正确的凭据,由于跨域限制,请求仍然会失败。
在大多数情况下,状态代码
0意味着请求无法发送到服务器。以下是 Chrome 控制台日志为您的小提琴示例显示的内容。事实上,YouTube 所有 Google Data API 均支持JSONP 但要使用它,您必须传递一个值为
的并指定alt参数json-in-scriptdataType为jsonp。 jQuery 将为您提供回调参数。根据经验测试,Youtube 似乎并不关心alt参数具体是json-in-script。只要指定了callback参数,alt参数就可以只采用值json。http://gdata.youtube.com/feeds/api/users /gradbot/favorites?alt=json
http://gdata.youtube.com/feeds /api/users/gradbot/favorites?alt=json&callback=foo
这是一个 可公开访问的 feed 的工作示例。
The 403 is because you need to provide credentials for the user whose videos are being accessed. Assuming correct credentials are supplied, the request will still fail because of cross-domain restrictions.
In most cases, status code
0implies that the request could not be sent to the server. Here's what the Chrome console logs show for your fiddle example.Youtube, in-fact all Google Data API's support JSONP but to use it, you have to pass an
altparameter with the valuejson-in-scriptand specify thedataTypeasjsonp. jQuery will supply the callback parameter for you. Based on empirical testing, it appears that Youtube doesn't care about thealtparameter to be specificallyjson-in-script. As long as acallbackparameter is specified, thealtparameter can take just the valuejson.http://gdata.youtube.com/feeds/api/users/gradbot/favorites?alt=json
http://gdata.youtube.com/feeds/api/users/gradbot/favorites?alt=json&callback=foo
Here's a working example for a publicly accessible feed.
由于大多数现代浏览器的安全限制,您无法执行跨域请求(无论是 GET 还是 POST)。
如果您仍然想从其他域获取数据,请考虑使用您安装在服务器上并通过其发送所有请求的反向代理。对于浏览器来说,数据看起来仍然来自同一域。
最流行的方法之一是 Apache 中的 mod_reverse,但根据您的服务器环境,还有其他替代方案。
如果 Google API 支持,另一种选择是使用 JSONP。
You can't do cross-domain requests(be it GET or POST) due to security restrictions in most modern browsers.
If you still want to fetch data from other domain consider using a reverse proxy that you install on you server and send all requests through. For browser it will still look like data comes from same domain.
One of the most popular ones is mod_reverse in Apache but there are other alternatives depending on what your server environment is.
Another alternative is to user JSONP if Google API supports it.