本文介绍了Ajax的错误 - "许可被拒绝"的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

对不起,这看起来比它可能是,但我想我应该包括所有的信息!

我用一个简单的Ajax脚本来动态地将内容转换为< D​​IV>一个页面上。加载一些新的内容到分区的第一个请求工作正常,但如果我有一个Ajax回刚刚加载的内容中的链接,这似乎抛出异常。

更奇怪的是,它的工作原理我的办公网络上,但它没有。如果我在一个家庭或VPN网络。如果失败,这个错误弹出的JavaScript调试器:

 线路:12
字符:11
错误:权限被拒绝
code:0
网址:http://www.example.com/about.php
 

在code真的不是那么复杂,它只是一个全能版的W3网站上的东西稍黑,但事实证明,返回调用是拒绝是混淆了我。难道是服务器的IIS配置中做点什么来阻止脚本攻击? (随想?)

任何帮助AP preciated;)

第一 - 阿贾克斯脚本

  VAR myHtt prequest = FALSE;
如果(window.XMLHtt prequest)
     myHtt prequest =新XMLHtt prequest();
否则,如果(window.ActiveXObject)
     myHtt prequest =新的ActiveXObject(Microsoft.XMLHTTP);
功能loadContent(来源,内容)
{
     如果(myHtt prequest)
     {
          VAR数据=的document.getElementById(内容);
          myHtt prequest.open(GET,源);
            data.innerHTML ='< D​​IV CLASS = \loading_image \>< IMG SRC = \图像/ loading.gif \WIDTH = \54px \高度= \55像素\ALT =加载 />< / DIV>';
          myHtt prequest.onreadystatechange =功能()
          {
               如果(myHtt prequest.readyState == 4)
                    data.innerHTML = myHtt prequest.responseText;
                    $('#col2_2_content)supersleight()。
          }
          myHtt prequest.send(空);
     }
}
 

那么这就是它调用Ajax内容,并有col2_2_content事业部,其中被插入的所有页面的截例子。文件 ajax.js 引用的头部部分。

 < D​​IV ID =col2_2_content>
    < D​​IV CLASS =mugshot_container>
        < IMG SRC =图像/ mugshot_dh.jpg的onClick =loadContent(约/ dh.php阿贾克斯= YES?,col2_2_content');/>
    < / DIV>
< / DIV>
 

这是约/ dh.php 这是通过Ajax插入,随着PHP的格式来决定什么应该被返回的code。 (它的设计被称为直接过 - 在这种情况下,它得到一个页眉/页脚缠)。

 < PHP
$ HOME_URL =htt​​p://www.example.com/url/;
$内容=
    < P>有的文字< / P>
    < P><一个的onClick = \loadContent('$ HOME_URL /约/约-main.php AJAX = YES?,col2_2_content'); \>返回< / A>< / P>
;
如果(使用isset($ _ REQUEST ['阿贾克斯'])){
    回声$内容;
} 其他 {
    include_once关于-的header.php';
    回声$内容;
    include_once关于-footer.php';
}
?>
 

解决方案

您在跨域请求一发自己。 AJAX请求基本上可以只针对所服务的网页服务器。如果你的脚本页从 http://website.com/url 加载所以,你可以做任何调用 http://website.com / 但是任何调用 http://url.com 将失败。

说了这么多,它可以调用 http://s1.example.com http://s2.example.com 如果您运行的document.domain =example.com

但如果你真的需要跨域访问数据,有几个方法可以做到这一点。最简单的一个,我知道是使用<脚本> 标签做查询。您可以编辑您的文档中添加<脚本> 与标签的任何的src 你喜欢的浏览器会去那里取脚本给你。所以,如果你控制 http://url.com ,你可以让它创建一个JavaScript而不是HTML页面,这个脚本会被加载并执行。该方法是用来制造JSONP工作

跨站点脚本可能工作没有在本地网络中的安全问题,因为IE不把那么多的限制,在这种情况下。我怀疑,虽然它会其他任何浏览器中工作,甚至在你的局域网。

Sorry, this looks longer than it probably is but I thought I should include all the information!

I'm using a simple Ajax script to dynamically bring content into a <div> on a page. The first request to load some new content into the div works fine, but if I've got an Ajax "back" link within the content which has just loaded, it seems to throw an error.

Even stranger, it works on my office network, but it fails If I'm on a home or VPN network. If it fails, this error pops up in the JavaScript debugger:

Line: 12
Char: 11
Error: Permission Denied
Code: 0
URL: http://www.example.com/about.php

The code really isn't that complex, it's just a slightly hacked around version of the stuff on the W3 website, but the fact that the return call is "denied" is confusing me. Would it be something within the server IIS configuration to stop scripting attacks? (Random thought?)

Any help appreciated ;)

First - the Ajax script

var myHttpRequest = false;
if(window.XMLHttpRequest)
     myHttpRequest = new XMLHttpRequest();
else if(window.ActiveXObject)
     myHttpRequest = new ActiveXObject("Microsoft.XMLHTTP");
function loadContent(source, content)
{
     if(myHttpRequest)
     {
          var data = document.getElementById(content);
          myHttpRequest.open("GET",source);
            data.innerHTML = '<div class=\"loading_image\"><img src=\"images/loading.gif\" width=\"54px\" height=\"55px\" alt="loading" /></div>';
          myHttpRequest.onreadystatechange = function()
          {
               if(myHttpRequest.readyState==4)
                    data.innerHTML = myHttpRequest.responseText;
                    $('#col2_2_content').supersleight();
          }
          myHttpRequest.send(null);
     }
}

Then this is a truncated example of the page which calls the Ajax content and has the col2_2_content Div where everything gets inserted. The file ajax.js is referenced in the head section.

<div id="col2_2_content">
    <div class="mugshot_container">
        <img src="images/mugshot_dh.jpg" onClick="loadContent('about/dh.php?ajax=yes', 'col2_2_content');"/>
    </div>
</div>

And this is the code from about/dh.php which is inserted via Ajax, along with the PHP formatting to decide what should be returned. (It's designed to be called directly too - in which case it gets a header/footer wrapped around).

<?php
$home_url = "http://www.example.com/url/";
$content = "
    <p>Some Text</p>
    <p><a onClick=\"loadContent('$home_url/about/about-main.php?ajax=yes',  'col2_2_content');\">Back</a></p>
";
if (isset($_REQUEST['ajax']) ) {
    echo $content;
} else {
    include_once 'about-header.php';
    echo $content;
    include_once 'about-footer.php';
}
?>
解决方案

You got yourself in cross-domain request situation. AJAX requests basically can be made only to the server that served the page. So if your script page is loaded from http://website.com/url, you can make any call to http://website.com/ but any call to http://url.com would fail.

Having said that, it is possible to call http://s1.example.com from http://s2.example.com if you run document.domain = "example.com".

But if you really need to access data across domains, there's few ways to do that. Simplest one I know is to use <script> tag to do the query. You can edit your document to add <script> tag with any src you like and browser will go there and fetch the script for you. So if you control http://url.com, you can just make it create a javascript instead of HTML page and this script would be loaded and executed. This method is used to make JSONP work.

Cross-site scripting might work without security issues in the local network because IE doesn't put that much restrictions in that case. I doubt though it will work in any other browser even in your LAN.

这篇关于Ajax的错误 - &QUOT;许可被拒绝&QUOT;的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

05-27 03:20
查看更多