Firefox 不允许使用 Prototype js 库进行跨域 Ajax GET 请求
我正在尝试执行跨域 ajax 请求并将内容填充到 JSP 页面中的 DIV 中,我使用的 javascript 方法如下,我
function fetchImgLeads(){
var myAjax = new Ajax.Request(
'http://someotherdomain:8080/imghtml?img=100',
{ method:'GET',
parameters:{},
requestHeaders :["Access-Control-Allow-Origin","*","Access-Control-Allow-Methods","POST, GET, OPTIONS","Access-Control-Allow-Headers", "X-PINGOTHER","Access-Control-Max-Age","1728000"],
onSuccess:function(t){
alert(t.responseText.trim());
$('imagediv').update(t.responseText);
},
onFailure:function(t){
//do something
}
}
);
}
在加载时调用此方法,并看到一个错误,内容为 HTTP/ 1.1 Firefox Web 控制台中出现 401 Unauthorized
。同样的事情在 IE 中也能正常工作。我为此使用 IE 8.0 和 Firefox 8。
除了 requestHeaders
之外,我还需要添加其他内容吗?
捕获的 Http headers 如下,即使 ajax 请求似乎也不起作用,
OPTIONS http://www.google.com/ HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Proxy-Connection: keep-alive
Origin: http://localhost:8080
Access-Control-Request-Method: GET
Access-Control-Request-Headers: access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,access-control-max-age,x-prototype-version,x-requested-with
HTTP/1.1 405 Method Not Allowed
Content-Type: text/html; charset=UTF-8
Date: Fri, 25 Nov 2011 05:53:54 GMT
Server: GFE/2.0
Content-Length: 11819
Proxy-Connection: Keep-Alive
Connection: Keep-Alive
I am trying to do a cross domain ajax request and populate the contents into a DIV in my JSP page, the javascript method I am using is as follows,
function fetchImgLeads(){
var myAjax = new Ajax.Request(
'http://someotherdomain:8080/imghtml?img=100',
{ method:'GET',
parameters:{},
requestHeaders :["Access-Control-Allow-Origin","*","Access-Control-Allow-Methods","POST, GET, OPTIONS","Access-Control-Allow-Headers", "X-PINGOTHER","Access-Control-Max-Age","1728000"],
onSuccess:function(t){
alert(t.responseText.trim());
$('imagediv').update(t.responseText);
},
onFailure:function(t){
//do something
}
}
);
}
I am calling this on load and I see an error that says HTTP/1.1 401 Unauthorized
in the Firefox web console. The same thing works fine in IE. I am using IE 8.0 and Firefox 8 for this.
Apart from the requestHeaders
, Is there something else I have to add?
The Http Headers captured are as follows, even then the ajax request does not seem to be working,
OPTIONS http://www.google.com/ HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Proxy-Connection: keep-alive
Origin: http://localhost:8080
Access-Control-Request-Method: GET
Access-Control-Request-Headers: access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,access-control-max-age,x-prototype-version,x-requested-with
HTTP/1.1 405 Method Not Allowed
Content-Type: text/html; charset=UTF-8
Date: Fri, 25 Nov 2011 05:53:54 GMT
Server: GFE/2.0
Content-Length: 11819
Proxy-Connection: Keep-Alive
Connection: Keep-Alive
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我面临着同样的问题。
这是我到目前为止发现的:
https://developer.mozilla.org/En/Using_XMLHttpRequest< /a>
(Firefox 3 之前的 Firefox 版本允许您将首选项 Capability.policy..XMLHttpRequest.open 设置为 allAccess 以给予特定站点跨站点访问。不再支持此
http://en.wikipedia.org/wiki/XMLHttpRequest#Cross-domain_requests
希望这会有所帮助...
i am facing the same issue.
This is what i found out about it so far:
https://developer.mozilla.org/En/Using_XMLHttpRequest
(Versions of Firefox prior to Firefox 3 allowed you to set the preference capability.policy..XMLHttpRequest.open to allAccess to give specific sites cross-site access. This is no longer supported.)
http://en.wikipedia.org/wiki/XMLHttpRequest#Cross-domain_requests
Hope this will help...
您正在尝试通过请求发送“Access-Control-Allow-*”标头。
相反,您的服务器应该回复这些标头。
CORS(预检)的工作方式如下:
浏览器向服务器请求发送请求的权限:Access-Control-Request-*标头(当您尝试执行跨域请求时,浏览器会自动添加它们)< /p>
服务器响应Access-Control-Allow-* 标头使浏览器知道是否允许发送真实请求
Curl 命令应该向您显示类似的内容:
如果您对向服务器发送任何自定义标头不感兴趣。然后只需删除 Access-Control-Allow-Headers: 行
You are trying to send 'Access-Control-Allow-*' headers with request.
Instead you server should reply with these headers.
CORS (preflight) works this way:
Browser asks from server permission to send request: Access-Control-Request-* headers (Browser adds them automatically when you try to do cross domain request)
Server responds with Access-Control-Allow-* headers making browser know if it is allowed to send real request
Curl command should show you something like that:
If you are not interested in sending any custom headers to server. Then just drop Access-Control-Allow-Headers: line