jquery $.ajax call results in 401 unauthorized response when in Chrome or Firefox, but works in IE
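I have a script running on a web page that needs to use the jQuery $.ajax method (currently using jQuery 1.7.2) to submit several GET requests to a service endpoint on a different domain. The ajax call works in IE (9, 10, 11), but in Firefox and Chrome it fails with a 401 Unauthorized response. Part of the additional error message in Chrome is "Full authentication is required to access this resource".
My ajax call is set up as follows (for these failing requests, dataType is "json" and async is true):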
```javascript
$.ajax({
    url: url,
    type: "GET",
    async: isAsync,
    dataType: dataType,
    username: user,
    password: pswd,
    success: function (response, status) {
        // success code here
    },
    // jQuery's option for the failure callback is "error"; a "failure" key is never called
    error: function (response, status) {
        // failure code here
    },
    complete: function (xhr, status) {
        // on complete code here
    }
});
```
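I am passing the username and password required to access the service, and this works in IE. My understanding is that the jQuery ajax function will handle authentication correctly, so that if the response comes back indicating that authorization is required, it will use the provided credentials to make the request properly. Am I missing something here? Do I need to add the Authorization header manually for this to work?
Update:
Below is the request, response, and cookie information reported by Chrome and IE through the F12 debugging tools (some information has been replaced with [...removed...]).
Chrome (42.0.2311.90 m)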
Response Headers
```
access-control-allow-credentials:true
access-control-allow-origin:[...removed...]
access-control-expose-headers:
cache-control:private,max-age=0,must-revalidate
connection:keep-alive
content-encoding:gzip
content-length:296
content-type:text/html;charset=ISO-8859-1
date:Tue, 21 Apr 2015 20:55:12 GMT
expires:Tue, 21 Apr 2015 20:55:12 GMT
p3p:CP="NON DSP COR CURa PSAa PSDa OUR NOR BUS PUR COM NAV STA"
set-cookie:JSESSIONID=qd-app-1348vf1vrksvc76oshcwirvjp.qd-app-13;Path=/;Secure;HttpOnly
set-cookie:NSC_vt1.sbmmzefw.dpn!-!IUUQT=ffffffff09091c3945525d5f4f58455e445a4a42378b;path=/;secure;httponly
status:401 Unauthorized
vary:Accept-Encoding
version:HTTP/1.1
www-authenticate:Basic realm="Rally ALM"
```
Request Headers
```
:host:rally1.rallydev.com
:method:GET
:path:[...removed...]
:scheme:https
:version:HTTP/1.1
accept:application/json, text/javascript, */*; q=0.01
accept-encoding:gzip, deflate, sdch
accept-language:en-US,en;q=0.8
origin:[...removed...]
referer:[...removed...]
user-agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36
```
Response Cookies
```
JSESSIONID                     qd-app-1348vf1vrksvc76oshcwirvjp.qd-app-13
NSC_vt1.sbmmzefw.dpn!-!IUUQT   ffffffff09091c3945525d5f4f58455e445a4a42378b
```
IE 11
Request Headers
```
Request          GET [...removed...]
Referer          [...removed...]
Accept           application/json, text/javascript, */*; q=0.01
Accept-Language  en-US
Accept-Encoding  gzip, deflate
User-Agent       Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host             [...removed...]
Connection       Keep-Alive
Cache-Control    no-cache
Cookie           JSESSIONID=qd-app-08xmftgye78tde1b0wzcl2kit4m.qd-app-08; NSC_vt1.sbmmzefw.dpn!-!IUUQT=ffffffff09091c3145525d5f4f58455e445a4a42378b; RALLY-Detail-treeCollapsed=false; ZSESSIONID=RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU; SUBBUCKETID=713
```
Response Headers
```
Response        HTTP/1.1 200 OK
RallyRequestID  qd-app-08xmftgye78tde1b0wzcl2kit4m.qd-app-0810353108
Expires         Thu, 01 Jan 1970 00:00:00 GMT
Content-Type    text/javascript; charset=utf-8
ETag            "0101c2c8d3463ee3c1a4f950d4142b7d3"
P3P             CP="NON DSP COR CURa PSAa PSDa OUR NOR BUS PUR COM NAV STA"
Cache-Control   private,max-age=0,must-revalidate
Date            Tue, 21 Apr 2015 20:58:17 GMT
Connection      keep-alive
Set-Cookie      ZSESSIONID=RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU;Path=/;Domain=[...removed...];Secure;HttpOnly
Set-Cookie      SUBBUCKETID=713;Path=/;Domain=[...removed...];Secure;HttpOnly
Content-Length  319
```
Cookies
```
Sent      JSESSIONID                    qd-app-08xmftgye78tde1b0wzcl2kit4m.qd-app-08
Sent      NSC_vt1.sbmmzefw.dpn!-!IUUQT  ffffffff09091c3145525d5f4f58455e445a4a42378b
Sent      RALLY-Detail-treeCollapsed    false
Sent      ZSESSIONID                    RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU
Sent      SUBBUCKETID                   713
Received  ZSESSIONID                    RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU  At end of session  [...removed...]  /  Yes  Yes
Received  SUBBUCKETID                   713  At end of session  [...removed...]  /  Yes  Yes
```
I came across a jQuery forum post that contained some additional information about this issue. Based on what I found there, I added this to the $.ajax call:
```javascript
beforeSend: function (xhr) {
    xhr.setRequestHeader('Authorization', makeBaseAuth(user, pswd));
}
```
where makeBaseAuth() uses the btoa() function as follows:
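```javascript
// Builds the value of the Authorization header for HTTP Basic authentication
function makeBaseAuth(user, pswd) {
    var token = user + ':' + pswd;
    var hash = "";
    // typeof check avoids a ReferenceError where btoa is not defined
    if (typeof btoa === "function") {
        hash = btoa(token);
    }
    // the scheme name and the credentials are separated by one space
    return "Basic " + hash;
}
```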
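This now seems to work in Chrome: I don't get a login prompt or a 401 response, the request goes through, and I get the expected response. I have also removed the option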