在internet explorer 9中更改域名后,Ajax停止工作

[英]Ajax stops working after changing domain name in internet explorer 9


We are developing a mobile site using html5, jQuery(1.8.2) and jQuery mobile while making jQuery ajax calls (get and post).
After we changed our domain name, we are getting "access denied" for ajax calls on ie9.
We tried to include jquery.iecors.js. But still we are getting the same error.Is there any resolution for this?

我們正在開發一個使用html5、jQuery(1.8.2)和jQuery mobile的移動站點,同時進行jQuery ajax調用(get和post)。在我們更改了域名之后,我們獲得了對ie9的ajax調用的“訪問拒絕”。我們嘗試包含jquery.iecors.js。但我們還是得到了相同的誤差。有什么解決辦法嗎?

Sample Code:

示例代碼:

$.support.cors = true;

$.ajax({
    cache: false,
    async: true,
    crossDomain: true,
    timeout: 600000,

    url: baseUrl + '/SmartTouch/restServices/PrefferedHotels',
    type: 'GET',

    beforeSend: function (xhr) {
        xhr.setRequestHeader("Authorization", "Basic " + myencoded);
    },
    contentType: "application/x-www.form-urlencoded; (http://www.form-urlencoded;) (http://www.form-urlencoded;) charset=UTF-8",
    success: function (data) {

        alert("success");
    },
    error: function (jqXHR, textStatus, errorThrown) {


        alert("error!!::" + JSON.stringify(jqXHR));

        alert('response: ' + jqXHR.responseText);
        alert('code: ' + jqXHR.getResponseHeader('X-Subscriber-Status'));
        alert("textStatus " + textStatus);
        alert("errorThrown " + errorThrown);

    }
});

Edited:

編輯:

beforeSend: function (xhr) {
    xhr.setRequestHeader("Authorization", "Basic " + myencoded);
    xhr.setRequestHeader("Access-Control-Allow-Origin", "*");
    xhr.setRequestHeader("Access-Control-Allow-Methods", "POST,GET,OPTIONS");
},
contentType: "application/x-www.form-urlencoded; (http://www.form-urlencoded;) (http://www.form-urlencoded;) charset=UTF-8",
success: function (data) {
    alert("success");
},
error: function (jqXHR, textStatus, errorThrown) {
    alert("error!!::" + JSON.stringify(jqXHR));

Request and Response headers in IE9:

IE9中的請求和響應頭:

 Request:
    Key Value
    Request GET url HTTP/1.1
    Accept  text/html, application/xhtml+xml, */*
    Accept-Language en-US
    User-Agent  Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
    Accept-Encoding gzip, deflate
    Proxy-Connection    Keep-Alive
    Host     ("url")
    Pragma  no-cache
    Cookie  GUEST_LANGUAGE_ID=en_US; COOKIE_SUPPORT=true; __utmc=24444716; __utma=24444716.47018335.1379597653.1380274476.1380276859.17; __utmz=24444716.1379597653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=24444716.6.10.1380276859 





    Response:
    Key Value
    Response    HTTP/1.1 200 OK
    Server  Apache-Coyote/1.1
    X-Powered-By    Servlet 2.5; JBoss-5.0/JBossWeb-2.1
    Accept-Ranges   bytes
    ETag    W/"64578-1380266616000"
    Last-Modified   Fri, 27 Sep 2013 07:23:36 GMT
    Content-Type    text/html
    Date    Fri, 27 Sep 2013 10:17:01 GMT
    Content-Length  64578
    Age 0
    Via 1.1 localhost.localdomain 

6 个解决方案

#1


2  

This kind of Content-Type looks strange:

這種內容類型看起來很奇怪:

application/x-www.form-urlencoded; (http://www.form-urlencoded;) (http://www.form-urlencoded;) charset=UTF-8"

I can imagine the IE has as problem with it.

我可以想象IE也有同樣的問題。

Try the proper one:

試着正確的:

application/x-www-form-urlencoded; charset=UTF-8
                 ^-- notice: no dot!

It's also possible for the IE to have problems with the authorization. Maybe myencoded is out of the scope or not filled correctly. Debug this variable and have a look at this question: Authorization through setRequestHeader

IE也有可能在授權上出現問題。也許我的編碼已經超出了范圍或者沒有正確填寫。調試這個變量並查看這個問題:通過setRequestHeader進行授權

#2


1  

If you want the Ajax url to be hit from any domain, the server must send a response header Access-Control-Allow-Origin : * or Access-Control-Allow-Origin : your-domain if restricted only to your domain.Can you see these headers in response?

如果希望從任何域訪問Ajax url,服務器必須發送響應頭訪問-控制-允許-起源:*或訪問-控制-允許-起源:您的域,如果僅限於您的域的話。你能看到這些標頭的響應嗎?

#3


1  

See this Microsoft article on CORS implementation on IE8 and IE9: http://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-workarounds.aspx

請參閱微軟關於IE8和IE9的CORS實現的文章:http://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest- limitationandworkounds.aspx

Specifically they say two things:

具體來說,他們說了兩件事:

  • No custom headers may be added to the request
  • 不可以向請求添加自定義頭

and

  • No authentication or cookies will be sent with the request
  • 不會隨請求一起發送任何身份驗證或cookie

And you mentioned in your comment:

你在評論中提到

Our problem is we are doing basic authorization and including following header: xhr.setRequestHeader("Authorization", "Basic " + myencoded); in our ajax call.But in ie9 we are getting access denied.Is there any way to include this header?

我們的問題是我們正在做基本的授權,包括下面的標題:xhr。setRequestHeader(“授權”、“Basic”+ myencoded);在我們的ajax調用。但是在ie9中,我們被拒絕訪問。有沒有辦法包括這個標題?

Unfortunately, the answer I'll have to give you is no, there is no way to include this header in IE8 or IE9. Microsoft designed it that way.

不幸的是,我要給你的答案是不,沒有辦法在IE8或IE9中包含這個標題。微軟就是這樣設計的。

To get it to work with CORS on IE9 you'll have to convince the site you're connecting to to allow you to send authorization information some other way - maybe query params or post data.

為了讓它與IE9上的CORS一起工作,你必須說服你所連接的站點允許你以其他方式發送授權信息——可能是查詢params或post數據。

If the site is not cooperative there's always the request proxy work-around where you request to a page on your server and you server forwards the request with the correct header etc.

如果網站不合作,總有一個請求代理工作,你請求到你服務器上的一個頁面,你的服務器用正確的報頭轉發請求,等等。

#4


1  

You seem confident that the issue has nothing to do with the suggested jQuery bug (especially since you're using jquery.iecors.js) so I'll move right on.

您似乎確信這個問題與建議的jQuery bug沒有任何關系(特別是因為您使用的是jQuery .iecors.js),因此我將繼續討論。

  • What is the significance of the "edited" bit? Access-Control-Allow-Origin:* should be set on the response (i.e. server-side, as part of Apache/IIS/F5 configuration), not on the request. Edit: there is more information available on MDN; you could also use something like burp's tampering proxy to play with the headers if you don't have immediate access to config changes (pretty common in an enterprise environment)

    “編輯”的意義是什么?訪問控制允許的來源:*應該設置在響應上(即服務器端,作為Apache/IIS/F5配置的一部分),而不是在請求上。編輯:MDN上有更多的信息;如果不能立即訪問配置更改(在企業環境中非常常見),還可以使用burp的篡改代理來處理頭文件

  • Even if not an issue, @DanFromGermany is absolutely right - content-type does look strange. You shouldn't even have to set it manually, jQuery.ajax() has it correct by default.

    即使不是問題,@DanFromGermany也是絕對正確的——content-type看起來確實很奇怪。您甚至不必手動設置它,jQuery.ajax()在默認情況下是正確的。

  • You also seem concerned with setting the basic authentication header. Remember that myencoded value is just encoded (not encrypted), so you might as well skip the header and pass credentials in the URL: http(s)://username:password@www.example.com/

    您似乎還關心設置基本的身份驗證頭。記住,my編碼的值只是編碼的(不是加密的),所以您可以跳過header並在URL中傳遞憑證:http(s)://用戶名:password@www.example.com/。

Moar edit:

Moar編輯:

Looking through those MDN docos above, this seems relevant:

通過上面的MDN docos,這似乎是相關的:

By default, in cross-site XMLHttpRequest invocations, browsers will not send credentials. A specific flag has to be set on the XMLHttpRequest object when it is invoked.

默認情況下,在跨站點XMLHttpRequest調用中,瀏覽器不會發送憑據。在調用XMLHttpRequest對象時,必須在該對象上設置一個特定的標志。

Perhaps try adding xhr.withCredentials = true; to your beforeSend?

也許嘗試添加xhr。withCredentials = true;beforeSend ?

Important note: when responding to a credentialed request, server must specify a domain, and cannot use wild carding. The above example would fail if the header was wildcarded as: Access-Control-Allow-Origin: *. Since the Access-Control-Allow-Origin explicitly mentions http://foo.example, the credential-cognizant content is returned to the invoking web content.

重要提示:當響應授權請求時,服務器必須指定一個域,並且不能使用粗梳。如果標頭被通配符為:Access-Control-Allow-Origin: *,則上述示例將失敗。由於訪問控制允許的源顯式地提到了http://foo。例如,憑證識別內容被返回到調用的web內容。

This would invalidate previous advice of using an asterisk in the header (i.e. explicit domain is required)

這將使以前在標題中使用星號的建議無效(即需要顯式域)

#5


0  

If you were using windows based hosting?

如果你使用的是基於windows的主機?

Please check old configs for the IIS, if available,

請查看IIS的舊配置,如果有,

there are security provisions which will allow content by its type,

有安全條款允許內容按其類型,

add this response header <% Response.AddHeader("Access-Control-Allow-Origin","*") %> in your page also.

在您的頁面中添加這個響應頭<% Response.AddHeader(“訪問控制允許源”,“*”)%>。

or refer the source link to MSDN for more details

或參考源鏈接到MSDN以了解更多細節

I think you have updated this in edits but there are many things as its AJAX involved, and your IE9 may also one of the reason if you have changed security options and not default.

我認為您已經在編輯中更新了它,但是它涉及到AJAX的很多東西,如果您更改了安全選項而不是默認設置,那么您的IE9可能也是原因之一。

I think that should do, if not please reply

我想應該可以,如果不可以,請回復

#6


0  

You can try this

你可以試試這個

<meta http-equiv="X-UA-Compatible" content="IE=Edge" >

It forces the browser the render at whatever the most recent version's standards are. For reference http://msdn.microsoft.com/en-us/library/ie/ms533876%28v=vs.85%29.aspx

它迫使瀏覽器呈現最新版本的標准。供參考http://msdn.microsoft.com/en-us/library/ie/ms533876%28v=vs.85%29.aspx


注意!

本站翻译的文章,版权归属于本站,未经许可禁止转摘,转摘请注明本文地址:https://www.itdaan.com/blog/2013/09/23/724f70aebfa29719e50ce7f49e0c46dd.html



 
粤ICP备14056181号  © 2014-2020 ITdaan.com