本文介绍了jquery $ .ajax调用在Chrome或Firefox中导致401未经授权的响应,但在IE中有效的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧! 问题描述 限时删除!! 我在网页上运行的脚本需要使用JQuery $ .ajax方法(目前使用jquery 1.7.2)向不同域上的服务端点提交几个GET请求。我在IE(9,10,11)中使用了ajax调用,但它在Firefox和Chrome中失败了401 Unauthorized响应。 Chrome中的部分附加错误消息是访问此资源需要完全身份验证。I have a script running on a web page that needs to use the JQuery $.ajax method (currently using jquery 1.7.2) to submit several GET requests to a service endpoint on a different domain. I have the ajax call working in IE (9, 10, 11), but it fails with a 401 Unauthorized response in Firefox and Chrome. Part of the additional error message in Chrome is "Full authentication is required to access this resource".我的ajax调用设置如下(dataType为json,用于这些请求失败,async为true):My ajax call is setup like this (dataType is "json" for these requests that fail, and async is true): $.ajax({ url: url, type: "GET", async: isAsync, dataType: dataType, username: user, password: pswd, success: function (response, status) { // success code here }, failure: function (response, status) { // failure code here }, complete: function (xhr, status) { // on complete code here } });我传递了访问服务所需的用户名和密码,这在IE中有效。我理解JQuery ajax函数将正确处理身份验证,因此如果响应返回指示需要授权,它将使用提供的凭据来正确地生成该请求。我在这里错过了什么吗?我是否需要手动添加授权标头才能生效?I am passing in the username and password required to access the service and this works in IE. I was understanding that the JQuery ajax function would handle the authentication correctly, so if a response comes back indicating that authorization is required, it would use the credentials that were provided to make that request correctly. Am I missing something here? Do I need to manually add the Authorization header for this to work?更新:以下是Chrome和IE报告的请求,响应和Cookie信息通过F12调试工具(一些信息替换为[...删除...])UPDATE:Here is the request, response, and cookie info reported by Chrome and IE via the F12 debugging tools (some info replaced with [...removed...]) Chrome(42.0.2311.90 m) access-control-allow-credentials:true access-control-allow-origin:[...删除...] access-control-expose-headers: cache-control:private,max-age = 0,must-revalidate connection :keep-alive content-encoding:gzip content-length:296 content-type:text / html; charset = ISO-8859-1 date:Tue,2015年4月21日 20:格林威治标准时间55:12到期:2015年4月21日星期二20:55:12 GMT p3p:CP =NON DSP COR CURa PSAa PSDa我们的NOR BUS PUR COM NAV STA set-cookie:JSESSIONID = qd-app-1348vf1vrksvc76oshcwirvjp.qd-app-13; Path = /; Secure; HttpOnly set-cookie:NSC_vt1.sbmmzefw.dpn! - !IUUQT = ffffffff09091c3945525d5f4f5 8455e445a4a42378b; path = /; secure; httponly status:401 Unauthorized vary:Accept-Encoding version:HTTP / 1.1 www-authenticate:Basic realm =Rally ALMaccess-control-allow-credentials:true access-control-allow-origin:[...removed...] access-control-expose-headers: cache-control:private,max-age=0,must-revalidate connection:keep-alive content-encoding:gzip content-length:296 content-type:text/html;charset=ISO-8859-1 date:Tue, 21 Apr 2015 20:55:12 GMT expires:Tue, 21 Apr 2015 20:55:12 GMT p3p:CP="NON DSP COR CURa PSAa PSDa OUR NOR BUS PUR COM NAV STA" set-cookie:JSESSIONID=qd-app-1348vf1vrksvc76oshcwirvjp.qd-app-13;Path=/;Secure;HttpOnly set-cookie:NSC_vt1.sbmmzefw.dpn!-!IUUQT=ffffffff09091c3945525d5f4f58455e445a4a42378b;path=/;secure;httponly status:401 Unauthorized vary:Accept-Encoding version:HTTP/1.1 www-authenticate:Basic realm="Rally ALM"请求标题:host:rally1.rallydev.com:method:GET:path:[... removed ...] :scheme:https:version:HTTP / 1.1 accept:application / json, text / javascript, / ; q = 0.01 accept-encoding:gzip,deflate,sdch accept-language:en-US,en; q = 0.8 origin:[... removed ...] referer:[...删除...]用户代理:Mozilla / 5.0(Windows NT 6.1; WOW64) AppleWebKit / 537.36(KHTML,如Gecko)Chrome / 42.0.2311.90 Safari / 537.36:host:rally1.rallydev.com :method:GET :path:[...removed...] :scheme:https :version:HTTP/1.1 accept:application/json, text/javascript, /; q=0.01 accept-encoding:gzip, deflate, sdch accept-language:en-US,en;q=0.8 origin:[...removed...] referer:[...removed...] user-agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36回复Cookie JSESSIONID qd-app-1348vf1vrksvc76oshcwirvjp.qd-app-13 NSC_vt1.sbmmzefw.dpn! - ! IUUQT ffffffff09091c3945525d5f4f58455e445a4a42378bJSESSIONID qd-app-1348vf1vrksvc76oshcwirvjp.qd-app-13 NSC_vt1.sbmmzefw.dpn!-!IUUQT ffffffff09091c3945525d5f4f58455e445a4a42378b IE 11请求GET [...已删除...] Referer [...已删除...]接受 application / json,text / javascript, / ; q = 0.01 Accept-Language zh-CN 接受编码gzip,deflate用户代理Mozilla / 5.0(Windows NT 6.1; WOW64; Trident / 7.0; rv:11.0),如Gecko Host [.. .removed ...] Connection Keep-Alive Cache-Control no-cache Cookie JSESSIONID = qd-app-08xmftgye78tde1b0wzcl2kit4m.qd-app-08; NSC_vt1.sbmmzefw.dpn! - !IUUQT = ffffffff09091c3145525d5f4f58455e445a4a42378b; RALLY-Detail-treeCollapsed = false; ZSESSIONID = RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU; SUBBUCKETID = 713Request GET [...removed...] Referer [...removed...] Accept application/json, text/javascript, /; q=0.01 Accept-Language en-US Accept-Encoding gzip, deflate User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host [...removed...] Connection Keep-Alive Cache-Control no-cache Cookie JSESSIONID=qd-app-08xmftgye78tde1b0wzcl2kit4m.qd-app-08; NSC_vt1.sbmmzefw.dpn!-!IUUQT=ffffffff09091c3145525d5f4f58455e445a4a42378b; RALLY-Detail-treeCollapsed=false; ZSESSIONID=RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU; SUBBUCKETID=713响应标头响应HTTP / 1.1 200 OK RallyRequestID qd-app-08xmftgye78tde1b0wzcl2kit4m.qd-app-0810353108 Expires Thu,01 1970年1月00:00:00 GMT Content-Type text / javascript; charset = utf-8 ETag0101c2c8d3463ee3c1a4f950d4142b7d3P3P CP =NON DSP COR CURa PSAa PSDa OUR NOR BUS PUR COM NAV STACache-Control private,max-age = 0,必须重新生效日期星期二,2015年4月21日20:58:17 GMT 连接保持活动Set-Cookie ZSESSIONID = RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU; Path = /; Domain = [... removed ...];安全; HttpOnly Set-Cookie SUBBUCKETID = 713; Path = /; Domain = [... removed ...]; Secure; HttpOnly Content-Length 319Response HTTP/1.1 200 OK RallyRequestID qd-app-08xmftgye78tde1b0wzcl2kit4m.qd-app-0810353108 Expires Thu, 01 Jan 1970 00:00:00 GMT Content-Type text/javascript; charset=utf-8 ETag "0101c2c8d3463ee3c1a4f950d4142b7d3" P3P CP="NON DSP COR CURa PSAa PSDa OUR NOR BUS PUR COM NAV STA" Cache-Control private,max-age=0,must-revalidate Date Tue, 21 Apr 2015 20:58:17 GMT Connection keep-alive Set-Cookie ZSESSIONID=RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU;Path=/;Domain=[...removed...];Secure;HttpOnly Set-Cookie SUBBUCKETID=713;Path=/;Domain=[...removed...];Secure;HttpOnly Content-Length 319 Cookies已发送JSESSIONID qd-app-08xmftgye78tde1b0wzcl2kit4m.qd-app-08 已发送NSC_vt1.sbmmzefw .dpn - !IUUQT ffffffff09091c3145525d5f4f58455e445a4a42378b发送拉力赛详细信息,treeCollapsed假发送ZSESSIONID RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU发送 SUBBUCKETID 713收到ZSESSIONID RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU在会议$ b $结束b [...删除...] /是是收到SUBBUCKETID 713 会话结束[...删除...] /是是Sent JSESSIONID qd-app-08xmftgye78tde1b0wzcl2kit4m.qd-app-08 Sent NSC_vt1.sbmmzefw.dpn!-!IUUQT ffffffff09091c3145525d5f4f58455e445a4a42378b Sent RALLY-Detail-treeCollapsed false Sent ZSESSIONID RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU Sent SUBBUCKETID 713 Received ZSESSIONID RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU At end of session [...removed...] / Yes Yes Received SUBBUCKETID 713 At end of session [...removed...] / Yes Yes推荐答案我遇到了一个 jquery论坛帖子,其中包含有关此问题的一些其他信息。根据我在那里发现的内容,我将其添加到$ .ajax调用中:I came across a jquery forum post that had some additional information regarding this issue. Based on what I found there, I added this to the $.ajax call: beforeSend: function (xhr) { xhr.setRequestHeader('Authorization', makeBaseAuth(user, pswd)); }其中makeBaseAuth()使用btoa()函数,如下所示:where makeBaseAuth() uses the btoa() function like this: makeBaseAuth: function(user, pswd){ var token = user + ':' + pswd; var hash = ""; if (btoa) { hash = btoa(token); } return "Basic " + hash; }现在似乎在Chrome中有效,我没有登录提示或401响应,请求正在进行,我得到预期的响应。我还删除了选项 xhrFields:{withCredentials:true} ,因为这似乎没有必要。由于某些原因,这还没有在Firefox中工作,并且在Firefox调试器中我实际上无法在javascript上进行任何体面的调试以查看问题所在,此脚本的工作方式是将其加载到网页中作为一个匿名脚本,我没有任何控制权。我有办法在IE和Chrome中使用脚本,但出于某种原因不能使用Firefox。我认为这是一个让它在Chrome中运行的胜利,感谢所有人为我提供了正确的方向!That appears to be working in Chrome now, I'm not getting a login prompt or a 401 response, the request is going through and I get the expected response. I also removed the option xhrFields: { withCredentials: true } as that didn't appear to be necessary. For some reason this isn't working in Firefox yet, and in the Firefox debugger I can't actually get at the javascript to do any decent debugging to see what the problem is, the way this script works is its loaded into a web page as an anonymous script and I don't have any control over that. I have a way to get at the script in IE and Chrome, but not Firefox for some reason. I'll consider this a win just getting it to work in Chrome, thanks to everyone for prodding me in the right direction! 这篇关于jquery $ .ajax调用在Chrome或Firefox中导致401未经授权的响应,但在IE中有效的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持! 1403页,肝出来的.. 09-07 00:03