检索 HTTP 标头令牌
我正在做一个项目,遇到了一个到目前为止我无法解决的问题。
该项目是一个使用 jquery 移动框架构建的移动 Web 应用程序。 Web 应用程序可以从 wcf 服务中提取 json 并使用 jquery 移动 ui 效果渲染它。我们已经达到了实施基于令牌的安全性的阶段,这就是我的问题所在。此时,我想添加一个自定义 HTTP 标头,将其用于所有其他 ajax 请求。
function login_service()
{
//$.mobile.pageLoading();
var stringUsername = $('#txtUsername').val();
var stringPassword = $('#txtPassword').val();
$('#loginMessage').empty(); // Empty message div
$.ajax(
{
url: "urlstring"+stringUsername+"/"+stringPassword, // This URL uses https
dataType: "jsonp",
type: 'GET',
beforeSend: setHeader,
success: function(loginResult)
{
$('#loginMessage').html('<a>'+ loginResult.tkt + '</a>');
tkn = loginResult.tkt; // Json token
if(tkn == null)
{
$('#loginMessage').append("invalid login:" + ' ' + '<br>' + "token:" + ' ' + tkn);
$.mobile.pageLoading(true);
}
else
{
$.mobile.changePage('#search'); // Change page to search screen
}
},
error: function(status)
{
alert(status);
$.mobile.pageLoading(true); // End loading animation
}
})
}
function setHeader(xhr)
{
xhr.setRequestHeader('Authorization', tkn);
alert("header set");
}
function doSearch_webservice(){ // Start of function webservice
$.ajax({ // Start of ajax call
url: "urlstring"+$('#jsonSearch').val(), // If URL string is http, custom header will
// be displayed in fiddler/firebug. IF HTTPS custom header won't work.
dataType: 'jsonp',
type: 'GET',
timeout: '20000',
beforeSend: setHeader,
success: function(json_results)
{// Start of success function
if(json_results.keys == null)
{
$('#errMessage').html('<p class="error"><strong>'+ "Status:"
+ "No record found" + "<br>Please try again" +'</strong> </p>');
$.mobile.pageLoading(true);
}
else
{
$('#jsonResponse ul').remove();
// jquery mobile type i.e. data-inset
$('#jsonResponse').append('<ul class="listItems" data-role="listview" data-inset="true"></ul>');
var listItems = $('#jsonResponse').find('ul');
$.each(json_results.keys, function(key) { // Start of each loop
html=
'<a href="#" data-transition="slide" data-position="inline"OnClick="passQryStrg(\''+json_results.keys[key].id+'\' , \''+json_results.keys[key].cat+'\' );">'+'<br>'+' '+'<font class="big-text"><b>'+' '+json_results.keys[key].lbl[0]+' '+'</font></b>'+' '+'<font class="small-text">'+' '+'<br>'+' '+json_results.keys[key].lbl[1]+' '+'</font>'+'</a>'
listItems.append('<li>'+html+'</li>');
}); // End of each loop
$('#info jsonResponse ul').listview();
$.mobile.pageLoading(true);
$.mobile.changePage( "#info", { transition: "slide"} );
$("#info").page("destroy").page();
}
// Destroy the page - next function call won't break css
}, // End of success function
error: function(jqXHR, textStatus, errorThrown)
{
$('#errMessage').html('<p class="error"><strong>'+ "Status:" + textStatus + "<br>Please try again" +'</strong> </p>');
$.mobile.pageLoading(true);
}
}); // End of ajax call
}; // Emd of webservice function
概括: 如果 do_search ajax 请求使用 http url,我可以添加自定义标头。但是我需要将 url 更改为我们的 wcf 服务使用的 https。当我进行此更改时,自定义标头将停止工作。如果我的解释不清楚,我会尽力回答。
谢谢
I am working on a project and have come across a problem that so far I have been unable to solve.
The project is a mobile web application built using the jquery mobile framework. The web app can pull json from a wcf service and render it using jquery mobile ui effects. We have reached the stage where we are implementing token based security which is where my problem lies. At this moment, I want to add a custom HTTP Header which I will use for all my other ajax request.
function login_service()
{
//$.mobile.pageLoading();
var stringUsername = $('#txtUsername').val();
var stringPassword = $('#txtPassword').val();
$('#loginMessage').empty(); // Empty message div
$.ajax(
{
url: "urlstring"+stringUsername+"/"+stringPassword, // This URL uses https
dataType: "jsonp",
type: 'GET',
beforeSend: setHeader,
success: function(loginResult)
{
$('#loginMessage').html('<a>'+ loginResult.tkt + '</a>');
tkn = loginResult.tkt; // Json token
if(tkn == null)
{
$('#loginMessage').append("invalid login:" + ' ' + '<br>' + "token:" + ' ' + tkn);
$.mobile.pageLoading(true);
}
else
{
$.mobile.changePage('#search'); // Change page to search screen
}
},
error: function(status)
{
alert(status);
$.mobile.pageLoading(true); // End loading animation
}
})
}
function setHeader(xhr)
{
xhr.setRequestHeader('Authorization', tkn);
alert("header set");
}
function doSearch_webservice(){ // Start of function webservice
$.ajax({ // Start of ajax call
url: "urlstring"+$('#jsonSearch').val(), // If URL string is http, custom header will
// be displayed in fiddler/firebug. IF HTTPS custom header won't work.
dataType: 'jsonp',
type: 'GET',
timeout: '20000',
beforeSend: setHeader,
success: function(json_results)
{// Start of success function
if(json_results.keys == null)
{
$('#errMessage').html('<p class="error"><strong>'+ "Status:"
+ "No record found" + "<br>Please try again" +'</strong> </p>');
$.mobile.pageLoading(true);
}
else
{
$('#jsonResponse ul').remove();
// jquery mobile type i.e. data-inset
$('#jsonResponse').append('<ul class="listItems" data-role="listview" data-inset="true"></ul>');
var listItems = $('#jsonResponse').find('ul');
$.each(json_results.keys, function(key) { // Start of each loop
html=
'<a href="#" data-transition="slide" data-position="inline"OnClick="passQryStrg(\''+json_results.keys[key].id+'\' , \''+json_results.keys[key].cat+'\' );">'+'<br>'+' '+'<font class="big-text"><b>'+' '+json_results.keys[key].lbl[0]+' '+'</font></b>'+' '+'<font class="small-text">'+' '+'<br>'+' '+json_results.keys[key].lbl[1]+' '+'</font>'+'</a>'
listItems.append('<li>'+html+'</li>');
}); // End of each loop
$('#info jsonResponse ul').listview();
$.mobile.pageLoading(true);
$.mobile.changePage( "#info", { transition: "slide"} );
$("#info").page("destroy").page();
}
// Destroy the page - next function call won't break css
}, // End of success function
error: function(jqXHR, textStatus, errorThrown)
{
$('#errMessage').html('<p class="error"><strong>'+ "Status:" + textStatus + "<br>Please try again" +'</strong> </p>');
$.mobile.pageLoading(true);
}
}); // End of ajax call
}; // Emd of webservice function
Summary:
I can add a custom header if do_search ajax request uses a http url. However I need to change the url to https which our wcf service uses. When I make this change custom header stops working. Apologies if my explanation is unclear, I will try to answer to responses the best I can.
Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我已经解决了我一直遇到的问题。
使用 xmlHttpRequest 对象创建自定义 HTTP 请求标头时。或者就我而言,因为我一直在使用 jquery,一个 ajax 请求。发出请求的网页和请求本身都必须使用具有相同协议的 url。例如 https。如果网页有 http url 并且使用 https 发出 ajax 请求,则这将不起作用。
这是因为 http://www.w3.org/Security/ 上定义的同源策略wiki/Same_Origin_Policy 不允许这样做。它是为了保护网站免受安全漏洞的影响。如果没有这样的安全性,脚本就可以利用网站漏洞。
希望这能帮助任何陷入这个特定问题的人。
I have solved the problem I have been having.
When using an xmlHttpRequest object to create a custom HTTP request header. Or in my case since I have been using jquery, an ajax request. Both the webpage making the request and the request itself must use a url with the same protocol. E.g. https. If the webpage has a http url and its making a ajax request with https, this will not work.
This is because of the Same Origin Policy as defined on http://www.w3.org/Security/wiki/Same_Origin_Policy won't allow it. It is to protect websites from security vulnerabilities. Without such security, scripts can exploit website vulnerabilities.
Hopefully this will help anybody who gets stuck on this particular problem.
您应该使用 jQuery.ajax() 的
headers选项。所以您需要以这种方式传递标头:
如果您的 JSON 令牌是字符串,只需在之前使用 jQuery.parseJSON() :
You should use the
headersoptions of jQuery.ajax().So you'll need to pass your headers this way:
If you JSON token is a string, just convert it before with jQuery.parseJSON() :