Java 浏览器的同源策略阻止Sharepoint发布请求
从Sharepoint访问文档时需要使用javascript提供身份验证。下面是代码Java 浏览器的同源策略阻止Sharepoint发布请求,java,javascript,jquery,html,sharepoint,Java,Javascript,Jquery,Html,Sharepoint,从Sharepoint访问文档时需要使用javascript提供身份验证。下面是代码 function Authenticate(username, password, tenantName) { $.support.cors = true; $.ajax({ 'url': 'https://login.microsoftonline.com/extSTS.srf', dataType: 'text', type: 'POST',
function Authenticate(username, password, tenantName) {
$.support.cors = true;
$.ajax({
'url': 'https://login.microsoftonline.com/extSTS.srf',
dataType: 'text',
type: 'POST',
'data': '<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Header><a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action><a:MessageID>urn:uuid:40c1407d-b2a4-4e05-8248-8a92b71102b6</a:MessageID><a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo><a:To s:mustUnderstand="1">https://login.microsoftonline.com/extSTS.srf</a:To><o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><o:UsernameToken u:Id="uuid-69882db9-2d6b-45d3-b016-c2156cb6c01d-1"><o:Username>' + username + '</o:Username><o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">' + password + '</o:Password></o:UsernameToken></o:Security></s:Header><s:Body><t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><a:EndpointReference><a:Address>https://somethingonline.sharepoint.com/_forms/default.aspx?wa=wsignin1.0</a:Address></a:EndpointReference></wsp:AppliesTo><t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType><t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType><t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType></t:RequestSecurityToken></s:Body></s:Envelope>',
headers: { Accept: "application/soap+xml; charset=utf-8" },
success: function (result) {
var xmlDoc = $.parseXML(result);
var xml = $(xmlDoc);
var binToken = xml.find("wsse\\:BinarySecurityToken").text();
alert(binToken);
CallSPOnline(binToken, tenantName);
}
});
}
function CallSPOnline(binToken, tenantName) {
var url = "https://" + tenantName + ".sharepoint.com/_forms/default.aspx? wa=wsignin1.0";
$.support.cors = true;
$.ajax({
'url': url,
dataType: 'text',
type: 'POST',
'data': binToken,
headers: { Accept: "application/x-www-form-urlencoded" },
success: function (result) {
$.ajax({
url: 'https://' + tenantName + '.sharepoint.com/_api/web/AllProperties',
dataType: 'JSON',
type: 'GET',
headers: { Accept: "application/json;odata=verbose" },
success: function (x) {
alert(x.d.vti_x005f_categories);
}
});
}
});
}
函数身份验证(用户名、密码、租户名称){
$.support.cors=true;
$.ajax({
“url”:”https://login.microsoftonline.com/extSTS.srf',
数据类型:“文本”,
键入:“POST”,
“数据”:http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issueurn:uuid:40c1407d-b2a4-4e05-8248-8a92b71102b6http://www.w3.org/2005/08/addressing/anonymoushttps://login.microsoftonline.com/extSTS.srf“+用户名+”“+密码+”https://somethingonline.sharepoint.com/_forms/default.aspx?wa=wsignin1.0http://schemas.xmlsoap.org/ws/2005/05/identity/N奥普罗夫克eyhttp://schemas.xmlsoap.org/ws/2005/02/trust/Issueurn:oasis:names:tc:SAML:1.0:assertion',
标题:{Accept:“application/soap+xml;charset=utf-8”},
成功:功能(结果){
var xmlDoc=$.parseXML(结果);
var xml=$(xmlDoc);
var binToken=xml.find(“wsse\\:BinarySecurityToken”).text();
警报(binToken);
CallSPOnline(binToken、tenantName);
}
});
}
函数CallSPOnline(binToken,tenantName){
var url=“https://“+tenantName+”.sharepoint.com//\u forms/default.aspx?wa=wsignin1.0”;
$.support.cors=true;
$.ajax({
“url”:url,
数据类型:“文本”,
键入:“POST”,
“数据”:binToken,
标题:{Accept:“application/x-www-form-urlencoded”},
成功:功能(结果){
$.ajax({
url:'https://'+tenantName+'.sharepoint.com/_-api/web/AllProperties',
数据类型:“JSON”,
键入:“GET”,
标题:{Accept:“application/json;odata=verbose”},
成功:功能(x){
警报(x.d.vti\U x005f\U类别);
}
});
}
});
}
我已启用CORS支持。但我还是遇到了同一原产地政策的问题。如果在Chrome上禁用了安全性,代码工作正常。为什么您的“url”和“数据”用单引号括起来?这不会对请求造成任何问题。我已经测试过禁用浏览器安全性。您如何确定?您是否在没有引号的情况下进行了测试?尝试将
crossDomain:true