


OK, it looks like I made a mistake with my initial question. So, here are some corrections. The answer still applies, because the second redirect is stopped when there is a change in protocol to HTTPS (SSL).

In my case, I have a redirect occurring multiple times, and the browser doesn't follow the second redirect. The first redirect is followed but returns an error.

I keep reading that JavaScript AJAX responses containing redirects are followed automatically, but it doesn't look like that in my case. The first redirect is automatically followed by the browser, and the first redirect is returned without following the second redirect in the header. My problem is that I want all the redirects to be automatically followed by the browser.


The redirects are part of the phpCAS library. I have an API written in PHP which checks the user authentication, each time, before returning the results.


Here is the sequence. The main thing to note is that the browser returns the second response, after following 1 redirect. I would prefer it went all the way and returned the last response when I make an AJAX call to localhost/example/api.


  • Call localhost/example/api using jQuery.ajax()


  • Redirects to https://localhost/accounts/cas/login?service=api.example.com&gateway=true (using SSL).

Response 2: (SSL) localhost/accounts/cas/login?service=api.example.com&gateway=true

  • When the query key 'gateway' is present, the login simply redirects back to the URL provided by the 'service' key with or without a ticket (to signal to service that the user is either logged in or not).

Response 3: localhost/api?ticket=TICKET

  • Validates the ticket and redirects to itself without the ticket.


  • This time, the CAS client looks at $_SESSION to remember what the ticket was, then processes the API request, returning JSONP.

There's no particular reason I'm using CAS over OpenID or OpenAuth(orization). CAS was just the first authentication module I was able to get working in WordPress. I am open to suggestions in terms of using a different authentication library, CMS, framework, etc. Although, my hope is to just get this project finished. So the less re-tooling the better.



As you later found out yourself and added in your comments, AJAX requests are subject to the same-origin policy.

Yes, you could use JSONP - however, if you are fortunate enough to have to support only IE8 and upwards, CORS might be a better solution.


Basically, by adding headers such as

access-control-allow-origin: http://api.example.com
access-control-allow-credentials: true


to your server answer, you could work around cross origin policy.

Also see this jQuery ticket to make it kinda work with jQuery.
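
The two headers from the answer above, shown as an added example that is not part of the original question or answer: a server-side check that sends them only to an exact, allowlisted origin. The function names, the allowlist contents, and the allowed methods and headers are assumptions made for illustration.

```javascript
// Added example. Origins are constructed placeholders, not values from a real deployment.
const TRUSTED_ORIGINS = new Set(['http://api.example.com', 'https://www.example.com']);

// True only when the raw Origin header is a well-formed origin on the allowlist.
function isTrusted(origin, trusted) {
  if (typeof origin !== 'string') return false;
  let parsed;
  try { parsed = new URL(origin); } catch (e) { return false; } // e.g. the literal "null"
  // Exact match on the serialized origin: rejects lookalike suffixes, paths, odd casing.
  return parsed.origin === origin && trusted.has(origin);
}

// Build the CORS response headers for one request.
// method: HTTP method; origin: value of the Origin request header (or undefined).
function corsHeaders(method, origin, trusted = TRUSTED_ORIGINS) {
  // Vary: Origin keeps shared caches from replaying one origin's answer to another.
  const headers = { 'Vary': 'Origin' };
  if (!isTrusted(origin, trusted)) return headers; // no CORS headers: browser blocks the read

  // With credentials the browser rejects "*", so return the exact allowlisted origin.
  headers['Access-Control-Allow-Origin'] = origin;
  headers['Access-Control-Allow-Credentials'] = 'true';
  if (method === 'OPTIONS') {
    // Preflight answer (assumed method and header set for this sketch).
    headers['Access-Control-Allow-Methods'] = 'GET, POST';
    headers['Access-Control-Allow-Headers'] = 'Content-Type';
  }
  return headers;
}

// Constructed sample requests.
const samples = [
  ['GET', 'http://api.example.com'],
  ['GET', 'http://api.example.com.untrusted.test'],
  ['GET', 'null'],
  ['OPTIONS', 'https://www.example.com'],
];
for (const [method, origin] of samples) {
  console.log(method, origin, corsHeaders(method, origin));
}
```

On the client, jQuery sends the session cookie on the cross-origin call only when the request sets `xhrFields: { withCredentials: true }`.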


07-22 20:15