1. 首页
  2. 问题
  3. 在Chrome或Firefox中,jquery $ .ajax调用会导致401未经授权的响应,但在IE中有效
小编典典

在Chrome或Firefox中,jquery $ .ajax调用会导致401未经授权的响应,但在IE中有效

ajax

我有一个运行在网页上的脚本,该脚本需要使用JQuery $ .ajax方法(当前使用jquery
1.7.2)将多个GET请求提交到不同域上的服务端点。我的ajax调用可以在IE(9、10、11)中运行,但在Firefox和Chrome中显示401未经授权的响应失败。Chrome中的其他错误消息的一部分是“访问此资源需要完全身份验证”。

我的ajax调用是这样设置的(这些失败的请求的dataType为“ json”,并且async为true):

    $.ajax({
      url: url,
      type: "GET",
      async: isAsync,
      dataType: dataType,
      username: user,
      password: pswd,
      success: function (response, status) {
         // success code here
      },
      failure: function (response, status) {
         // failure code here
      },
      complete: function (xhr, status) {
         // on complete code here
      }
   });

我正在传递访问服务所需的用户名和密码,这在IE中有效。我知道JQuery
ajax函数将正确处理身份验证,因此,如果返回响应指示需要授权,它将使用提供的凭据正确发出该请求。我在这里想念什么吗?我是否需要手动添加Authorization标头才能使其正常工作?

更新:这是Chrome和IE通过F12调试工具报告的请求,响应和cookie信息(某些信息已替换为[…已删除…])

Chrome(42.0.2311.90 m)

Response Headers

access-control-allow-credentials:true access-control-allow-origin:[…removed…] access-control-expose-headers: cache-control:private,max-age=0,must-revalidate connection:keep-alive content-encoding:gzip content-length:296 content-type:text/html;charset=ISO-8859-1 date:Tue, 21 Apr 2015 20:55:12 GMT expires:Tue, 21 Apr 2015 20:55:12 GMT p3p:CP=”NON DSP COR CURa PSAa PSDa OUR NOR BUS PUR COM NAV STA” set-cookie:JSESSIONID=qd-app-1348vf1vrksvc76oshcwirvjp.qd-app-13;Path=/;Secure;HttpOnly set-cookie:NSC_vt1.sbmmzefw.dpn!-!IUUQT=ffffffff09091c3945525d5f4f58455e445a4a42378b;path=/;secure;httponly status:401 Unauthorized vary:Accept-Encoding version:HTTP/1.1 www-authenticate:Basic realm=”Rally ALM”

Request Headers

:host:rally1.rallydev.com :method:GET :path:[…removed…] :scheme:https :version:HTTP/1.1 accept:application/json, text/javascript, /; q=0.01 accept-encoding:gzip, deflate, sdch accept-language:en-US,en;q=0.8 origin:[…removed…] referer:[…removed…] user-agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36

Response Cookies

JSESSIONID qd-app-1348vf1vrksvc76oshcwirvjp.qd-app-13 NSC_vt1.sbmmzefw.dpn!-!IUUQT ffffffff09091c3945525d5f4f58455e445a4a42378b

IE 11

Request Headers

Request GET […removed…] Referer […removed…] Accept
application/json, text/javascript, /; q=0.01 Accept-Language en-US Accept-Encoding gzip, deflate User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host […removed…] Connection Keep-Alive Cache-Control no-cache Cookie
JSESSIONID=qd-app-08xmftgye78tde1b0wzcl2kit4m.qd-app-08; NSC_vt1.sbmmzefw.dpn!-!IUUQT=ffffffff09091c3145525d5f4f58455e445a4a42378b; RALLY-Detail-treeCollapsed=false; ZSESSIONID=RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU; SUBBUCKETID=713

Response Headers

Response HTTP/1.1 200 OK RallyRequestID qd-app-08xmftgye78tde1b0wzcl2kit4m.qd-app-0810353108 Expires Thu, 01 Jan 1970 00:00:00 GMT Content-Type text/javascript; charset=utf-8 ETag “0101c2c8d3463ee3c1a4f950d4142b7d3” P3P CP=”NON DSP COR CURa PSAa PSDa OUR NOR BUS PUR COM NAV STA” Cache-Control private,max-age=0,must-revalidate Date Tue, 21 Apr 2015 20:58:17 GMT Connection keep-alive Set-Cookie ZSESSIONID=RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU;Path=/;Domain=[…removed…];Secure;HttpOnly Set-Cookie SUBBUCKETID=713;Path=/;Domain=[…removed…];Secure;HttpOnly Content-Length 319

Cookies

Sent JSESSIONID qd-app-08xmftgye78tde1b0wzcl2kit4m.qd-app-08
Sent NSC_vt1.sbmmzefw.dpn!-!IUUQT ffffffff09091c3145525d5f4f58455e445a4a42378b Sent RALLY-Detail-treeCollapsed false Sent ZSESSIONID RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU Sent SUBBUCKETID 713 Received ZSESSIONID RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU At end of session […removed…] / Yes Yes Received SUBBUCKETID 713 At end of session […removed…] / Yes Yes


阅读 531

收藏
2020-07-26

共1个答案

小编典典

我遇到了一个jquery论坛帖子,其中包含有关此问题的一些其他信息。根据在此找到的内容,将其添加到$ .ajax调用中:

  beforeSend: function (xhr) {
     xhr.setRequestHeader('Authorization', makeBaseAuth(user, pswd));
  }

makeBaseAuth()使用btoa()函数的方式如下:

   makeBaseAuth: function(user, pswd){ 
      var token = user + ':' + pswd;
      var hash = "";
      if (btoa) {
         hash = btoa(token);
      }
      return "Basic " + hash;
   }

这似乎在Chrome中现在可以正常使用,我没有收到登录提示或401响应,请求正在处理中,我得到了预期的响应。我也删除了该选项,xhrFields: {withCredentials: true}因为这似乎不是必需的。由于某种原因,这在Firefox中尚不可用,在Firefox调试器中,我实际上无法通过JavaScript进行任何体面的调试来查看问题所在,该脚本的工作方式是将其加载到网页中作为一个匿名脚本,我对此没有任何控制权。我有办法在IE和Chrome中找到脚本,但出于某种原因却没有Firefox。我会认为这是一个胜利,只需使其能够在Chrome中运行,这要归功于每个人都向我指引了正确的方向!

2020-07-26