关于javascript:jquery $ .ajax调用在Chrome或Firefox中导致401未经授权的响应,但在IE中有效

jquery $.ajax call results in 401 unauthorized response when in Chrome or Firefox, but works in IE

我有一个在需要使用JQuery $ .ajax方法(当前使用jquery 1.7.2)的网页上运行的脚本,以向不同域上的服务端点提交几个GET请求。我在IE(9,10,11)中使用了ajax调用,但它在Firefox和Chrome中失败了401 Unauthorized响应。 Chrome中的部分其他错误消息是"访问此资源需要完全身份验证"。

我的ajax调用设置如下(对于这些失败的请求,dataType为"json",async为true):

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
    $.ajax({
      url: url,
      type:"GET",
      async: isAsync,
      dataType: dataType,
      username: user,
      password: pswd,
      success: function (response, status) {
         // success code here
      },
      failure: function (response, status) {
         // failure code here
      },
      complete: function (xhr, status) {
         // on complete code here
      }
   });

我传递了访问该服务所需的用户名和密码,这在IE中有效。我理解JQuery ajax函数将正确处理身份验证,因此如果响应返回指示需要授权,它将使用提供的凭据来正确地生成该请求。我在这里错过了什么吗?我是否需要手动添加Authorization标头才能生效?

更新:
以下是Chrome和IE通过F12调试工具报告的请求,响应和Cookie信息(某些信息已替换为[...已删除...])

铬(42.0.2311.90米)

Response Headers

access-control-allow-credentials:true
access-control-allow-origin:[...removed...]
access-control-expose-headers:
cache-control:private,max-age=0,must-revalidate connection:keep-alive
content-encoding:gzip content-length:296
content-type:text/html;charset=ISO-8859-1 date:Tue, 21 Apr 2015
20:55:12 GMT expires:Tue, 21 Apr 2015 20:55:12 GMT p3p:CP="NON DSP COR
CURa PSAa PSDa OUR NOR BUS PUR COM NAV STA"
set-cookie:JSESSIONID=qd-app-1348vf1vrksvc76oshcwirvjp.qd-app-13;Path=/;Secure;HttpOnly
set-cookie:NSC_vt1.sbmmzefw.dpn!-!IUUQT=ffffffff09091c3945525d5f4f58455e445a4a42378b;path=/;secure;httponly
status:401 Unauthorized vary:Accept-Encoding version:HTTP/1.1
www-authenticate:Basic realm="Rally ALM"

Request Headers

:host:rally1.rallydev.com :method:GET :path:[...removed...]
:scheme:https :version:HTTP/1.1 accept:application/json,
text/javascript, /; q=0.01 accept-encoding:gzip, deflate, sdch
accept-language:en-US,en;q=0.8 origin:[...removed...]
referer:[...removed...] user-agent:Mozilla/5.0 (Windows NT 6.1; WOW64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90
Safari/537.36

Response Cookies

JSESSIONID qd-app-1348vf1vrksvc76oshcwirvjp.qd-app-13
NSC_vt1.sbmmzefw.dpn!-!IUUQT
ffffffff09091c3945525d5f4f58455e445a4a42378b

IE 11

Request Headers

Request GET [...removed...] Referer [...removed...] Accept
application/json, text/javascript, /; q=0.01 Accept-Language en-US
Accept-Encoding gzip, deflate User-Agent Mozilla/5.0 (Windows NT
6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host [...removed...] Connection Keep-Alive Cache-Control no-cache Cookie
JSESSIONID=qd-app-08xmftgye78tde1b0wzcl2kit4m.qd-app-08;
NSC_vt1.sbmmzefw.dpn!-!IUUQT=ffffffff09091c3145525d5f4f58455e445a4a42378b;
RALLY-Detail-treeCollapsed=false;
ZSESSIONID=RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU;
SUBBUCKETID=713

Response Headers

Response HTTP/1.1 200 OK RallyRequestID
qd-app-08xmftgye78tde1b0wzcl2kit4m.qd-app-0810353108 Expires Thu, 01
Jan 1970 00:00:00 GMT Content-Type text/javascript; charset=utf-8
ETag "0101c2c8d3463ee3c1a4f950d4142b7d3" P3P CP="NON DSP COR CURa
PSAa PSDa OUR NOR BUS PUR COM NAV STA" Cache-Control
private,max-age=0,must-revalidate Date Tue, 21 Apr 2015 20:58:17 GMT
Connection keep-alive Set-Cookie
ZSESSIONID=RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU;Path=/;Domain=[...removed...];Secure;HttpOnly
Set-Cookie
SUBBUCKETID=713;Path=/;Domain=[...removed...];Secure;HttpOnly
Content-Length 319

Cookies

Sent JSESSIONID qd-app-08xmftgye78tde1b0wzcl2kit4m.qd-app-08
Sent NSC_vt1.sbmmzefw.dpn!-!IUUQT
ffffffff09091c3145525d5f4f58455e445a4a42378b Sent
RALLY-Detail-treeCollapsed false Sent ZSESSIONID
RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU Sent
SUBBUCKETID 713 Received ZSESSIONID
RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU At end of session
[...removed...] / Yes Yes Received SUBBUCKETID 713 At end of
session [...removed...] / Yes Yes


我遇到了一个jquery论坛帖子,其中包含有关此问题的一些其他信息。 根据我在那里发现的内容,我将其添加到$ .ajax调用中:

1
2
3
  beforeSend: function (xhr) {
     xhr.setRequestHeader('Authorization', makeBaseAuth(user, pswd));
  }

其中makeBaseAuth()使用btoa()函数,如下所示:

1
2
3
4
5
6
7
8
   makeBaseAuth: function(user, pswd){
      var token = user + ':' + pswd;
      var hash ="";
      if (btoa) {
         hash = btoa(token);
      }
      return"Basic" + hash;
   }

这似乎现在在Chrome中工作,我没有得到登录提示或401响应,请求正在进行,我得到了预期的响应。 我也删除了选项xhrFields: { withCredentials: true },因为这似乎没有必要。 由于某些原因,这还没有在Firefox中工作,并且在Firefox调试器中我实际上无法在javascript上进行任何体面的调试以查看问题所在,此脚本的工作方式是将其加载到网页中 作为一个匿名脚本,我没有任何控制权。 我有办法在IE和Chrome中使用脚本,但出于某种原因不能使用Firefox。 我认为这是一场胜利,只是让它在Chrome中运行,感谢大家为我提供了正确的方向!