jQuery AJAX 调用导致错误状态 403
时间:2023-10-14问题描述
我正在使用 jQuery AJAX 对 Web 服务进行查询.我的查询如下所示:
I'm making a query to a web service using jQuery AJAX. My query looks like this:
var serviceEndpoint = 'http://example.com/object/details?version=1.1';
$.ajax({
type: 'GET',
url: serviceEndpoint,
dataType: 'jsonp',
contentType: 'jsonp',
headers: { 'api-key':'myKey' },
success: onSuccess,
error: onFailure
});
执行此操作时,我收到 403 状态错误.我不明白为什么我的调用会导致状态码为 403.我控制着我的服务的安全性,它被标记为完全开放.我知道密钥是有效的,因为我在另一个调用中使用它,它有效.这是有效的调用:
When I execute this, I get a status error of 403. I do not understand why my call results in having the status code 403. I'm in control of the security on my service and it is marked as wide-open. I know the key is valid, because I'm using it in another call, which works. Here is the call that works:
var endpoint = 'http://example.com/object/data/item?version=1.1';
$.ajax({
type: 'POST',
url: endpoint,
cache: 'false',
contentType:'application/json',
headers: {
'api-key':'myKey',
'Content-Type':'application/json'
},
data: JSON.stringify({
id: 5,
count:true
}),
success: onDataSuccess,
error: onDataFailure
});
我知道这是两个不同的端点.但我 100% 确信这不是服务器端身份验证或权限错误.再一次,服务器端的一切都是开放的.这意味着我在客户端请求上犯了一些错误.
I know these are two different endpoints. But I'm 100% convinced this is not a server-side authentication or permission error. Once again, everything is wide open on the server-side. Which implies that I'm making some mistake on my client-side request.
我觉得我应该传达这个请求是在开发过程中提出的.所以,我从 http://localhost:3000 运行它.出于这个原因,我立即认为这是一个 CORS 问题.但一切看起来都是正确的.我的 POST 请求有效,但我的 GET 并没有让我感到非常沮丧.我错过了什么吗?会是什么?
I feel I should communicate that this request is being made during development. So, I'm running this from http://localhost:3000. For that reason, I immediately assumed it was a CORS issue. But everything looks correct. The fact that my POST request works, but my GET doesn't has me absolutely frustrated. Am I missing something? What could it be?
推荐答案
403错误的原因是你没有发送headers.由于您正在发出 CORS 请求,因此您无法发送任何自定义标头,除非服务器通过在响应中添加 Access-Control-Allow-Headers 来启用这些标头.
The reason of 403 error is you are not sending headers. Since you are making a CORS request, you cannot send any custom headers unless server enables these header by adding Access-Control-Allow-Headers to the response.
在 preflighted-request 中,客户端向服务器发出 2 个请求.第一个是预检(使用 OPTIONS 方法),第二个是真正的请求.服务器发送 Access-Control-Allow-Headers 标头作为预检请求的响应.因此,它可以发送一些标头.通过这种方式,您的 POST 请求可以工作,因为 POST 请求是预检请求.但是对于 GET 请求,没有预检来收集 Access-Control-Allow-Headers 标头和浏览器在这种情况下不会发送您的自定义标头.
In a preflighted-request, client makes 2 requests to the server. First one is preflight (with OPTIONS method) and the second one is the real request. The server sends Access-Control-Allow-Headers header as a response of the preflight request. So it enables some headers to be sent. By this way your POST request can work because the POST request is a preflight-request. But for a GET request, there is no preflight to gather Access-Control-Allow-Headers header and browser doesn't send your custom headers in this case.
解决此问题的方法:
作为一种解决方法,将您的 dataType 和 contentType 设置为 json,如下所示:
As a workaround, set your dataType and contentType to json as the following:
var serviceEndpoint = 'http://example.com/object/details?version=1.1';
$.ajax({
type: 'GET',
url: serviceEndpoint,
dataType: 'json',
contentType: 'json',
headers: { 'api-key':'myKey' },
success: onSuccess,
error: onFailure
});
通过这种方式,您的获取请求将是一个预检请求.如果您的服务器使用 api-key" rel="nofollow noreferrer">Access-Control-Allow-Headers 标头,它会起作用.
By this way, your get request will be a preflighted request. If your server enables the api-key with Access-Control-Allow-Headers header, it will work.
上述请求的示例服务器配置(用 express.js 编写):
Sample server configuration for the above request (written in express.js):
res.setHeader('Access-Control-Allow-Origin', '*');
res.setHeader('Access-Control-Allow-Methods', '*');
res.setHeader('Access-Control-Allow-Headers', 'api-key,content-type');
res.setHeader('Access-Control-Allow-Credentials', true);
添加:
实际上,contentType 应该是 application/javascript 或 application/json 在进行 jsonp 请求时.没有 contentType 作为 jsonp.
Actually, contentType should be either application/javascript or application/json while doing a jsonp request. There is no contentType as jsonp.
这篇关于jQuery AJAX 调用导致错误状态 403的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持html5模板网!
相关文章
即使在调用 abort (jQuery) 之后,浏览器也会等待Browser waits for ajax call to complete even after abort has been called (jQuery)(即使在调用 abort (jQuery) 之后,浏览器也会等待 ajax 调用- XMLHttpRequest 无法加载,请求的资源上不存在“AXMLHttpRequest cannot load, No #39;Access-Control-Allow-Origin#39; header is present on the requested resource(XMLHttpRequest 无法加载,请求的资
- XHR HEAD 请求是否有可能不遵循重定向 (301 302)Is it possible for XHR HEAD requests to not follow redirects (301 302)(XHR HEAD 请求是否有可能不遵循重定向 (301 302))
- NETWORK_ERROR:XMLHttpRequest 异常 101NETWORK_ERROR: XMLHttpRequest Exception 101(NETWORK_ERROR:XMLHttpRequest 异常 101)
- XMLHttpRequest 206 部分内容XMLHttpRequest 206 Partial Content(XMLHttpRequest 206 部分内容)
- XmlHttpRequest onprogress 间隔XmlHttpRequest onprogress interval(XmlHttpRequest onprogress 间隔)