Javascript setRequestHeader未添加授权标头
我试图从javascript发送一个带有授权头的http帖子,并找到了许多推荐此配置的答案Javascript setRequestHeader未添加授权标头,javascript,http-headers,Javascript,Http Headers,我试图从javascript发送一个带有授权头的http帖子,并找到了许多推荐此配置的答案 var device_address = 10.25.148.164; var device_login = myusername; var device_password = mypassword; var xhr = new XMLHttpRequest(); xhr.open('POST', 'http://' + device_address + '/rest/conf', true); xhr.
var device_address = 10.25.148.164;
var device_login = myusername;
var device_password = mypassword;
var xhr = new XMLHttpRequest();
xhr.open('POST', 'http://' + device_address + '/rest/conf', true);
xhr.setRequestHeader('Authorization', 'Basic ' + btoa(device_login + ':' + device_password));
xhr.send();
上面的配置不适用于我,我从Wireshark数据包捕获中获得状态代码401:Unauthorized“,我看到了以下内容
Hypertext Transfer Protocol
OPTIONS /rest/conf HTTP/1.1\r\n
[Expert Info (Chat/Sequence): OPTIONS /rest/conf HTTP/1.1\r\n]
[OPTIONS /rest/conf HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: OPTIONS
Request URI: /rest/conf
Request Version: HTTP/1.1
Host: 10.25.148.164\r\n
Connection: keep-alive\r\n
Access-Control-Request-Method: POST\r\n
Origin: http://10.120.22.225:3000\r\n
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36\r\n
Access-Control-Request-Headers: authorization\r\n
Accept: */*\r\n
Referer: http://10.120.22.225:3000/myapp/1/edit?\r\n
Accept-Encoding: gzip, deflate, sdch\r\n
Accept-Language: en-US,en;q=0.8\r\n
\r\n
[Full request URI: http://10.25.148.164/rest/conf]
[HTTP request 1/1]
[Response in frame: 14]
Hypertext Transfer Protocol
POST /rest/conf HTTP/1.1\r\n
Host: 10.25.148.164\r\n
Connection: keep-alive\r\n
Content-Length: 0\r\n
Accept: application/json\r\n
Cache-Control: no-cache\r\n
Origin: chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop\r\n
Authorization: Basic <original_string_removed_from_here>\r\n
Credentials: myusername:mypassword
Content-Type: application/json\r\n
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36\r\n
Postman-Token: 4ec1726d-dced-eede-625b-17f9b8f3e0fe\r\n
Accept-Encoding: gzip, deflate\r\n
Accept-Language: en-US,en;q=0.8\r\n
\r\n
[Full request URI: http://10.25.148.164/rest/conf]
[HTTP request 1/1]
[Response in frame: 19]
然而,如果我从邮递员那里发送邮件,它会工作,Wireshark数据包捕获显示如下
Hypertext Transfer Protocol
OPTIONS /rest/conf HTTP/1.1\r\n
[Expert Info (Chat/Sequence): OPTIONS /rest/conf HTTP/1.1\r\n]
[OPTIONS /rest/conf HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: OPTIONS
Request URI: /rest/conf
Request Version: HTTP/1.1
Host: 10.25.148.164\r\n
Connection: keep-alive\r\n
Access-Control-Request-Method: POST\r\n
Origin: http://10.120.22.225:3000\r\n
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36\r\n
Access-Control-Request-Headers: authorization\r\n
Accept: */*\r\n
Referer: http://10.120.22.225:3000/myapp/1/edit?\r\n
Accept-Encoding: gzip, deflate, sdch\r\n
Accept-Language: en-US,en;q=0.8\r\n
\r\n
[Full request URI: http://10.25.148.164/rest/conf]
[HTTP request 1/1]
[Response in frame: 14]
Hypertext Transfer Protocol
POST /rest/conf HTTP/1.1\r\n
Host: 10.25.148.164\r\n
Connection: keep-alive\r\n
Content-Length: 0\r\n
Accept: application/json\r\n
Cache-Control: no-cache\r\n
Origin: chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop\r\n
Authorization: Basic <original_string_removed_from_here>\r\n
Credentials: myusername:mypassword
Content-Type: application/json\r\n
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36\r\n
Postman-Token: 4ec1726d-dced-eede-625b-17f9b8f3e0fe\r\n
Accept-Encoding: gzip, deflate\r\n
Accept-Language: en-US,en;q=0.8\r\n
\r\n
[Full request URI: http://10.25.148.164/rest/conf]
[HTTP request 1/1]
[Response in frame: 19]
但什么都没用
谁能告诉我我错过了什么
更新1
我使用了登台服务器并启用了访问控制,但响应仍然是未经授权的
Hypertext Transfer Protocol
HTTP/1.1 401 Unauthorized\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 401 Unauthorized\r\n]
[HTTP/1.1 401 Unauthorized\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Status Code: 401
Response Phrase: Unauthorized
Access-Control-Allow-Origin: *\r\n
Content-Type: application/json\r\n
Vyatta-Specification-Version: 0.3\r\n
Cache-Control: no-cache\r\n
Content-Length: 47\r\n
[Content length: 47]
Date: Sat, 10 Dec 2016 02:25:48 GMT\r\n
Server: lighttpd/1.4.35\r\n
\r\n
[HTTP response 1/1]
[Time since request: 0.000526000 seconds]
[Request in frame: 19]
File Data: 47 bytes
JavaScript对象表示法:application/json这是一个跨源浏览器请求吗?如果是,这将被阻止作为安全措施,您从哪里发起请求?我可以从哪里获取url和任何其他数据可能是有帮助的,很抱歉不得不将此作为答案发布。无法评论希望这是有帮助的
注意-如果您有一个登台url,请在上传代码后从那里尝试它可能会起作用这是一个跨源浏览器请求吗?如果是,这将被阻止作为安全措施,您从哪里发起请求?我可以从哪里获取url和任何其他数据可能会有帮助吗?很抱歉,必须将此作为答案发布。无法评论希望如此有益的
注意-如果您有一个登台url,请在上载代码后从那里尝试它,可能会起作用我看到您的请求来源为'Origin:\r\n',postman的来源为'Origin:chrome'-extension://fhbjgbiflinjbdggehcddcbncdddomop\r\n问题是您需要一个有效的源,如果您有一个暂存服务器,请从那里检查它t可能会起作用,因为暂存服务器具有所需的安全证书。如果没有,您可以尝试添加http头以允许跨源请求尝试此操作。回答您的问题@Akshay Venugopal:谢谢您的回答。我无法控制服务器,即使我可以使其在暂存服务器上工作呃,我仍然需要使其在目标服务器上工作。是否有方法使服务器从我的浏览器接受这些Rest调用?我看到您的请求来源为'Origin:\r\n',来自postman的来源为'Origin:chrome'-extension://fhbjgbiflinjbdggehcddcbncdddomop\r\n问题是,如果您有登台服务器从那里检查它很可能会工作,因为登台服务器具有所需的安全证书。如果没有,您可以尝试添加http头以允许跨源请求尝试此方法回答您的问题@Akshay Venugopal:谢谢您的回答。我无法控制服务器,甚至我如果我可以让它在暂存服务器上工作,我仍然需要让它在目标服务器上工作。有没有办法让服务器从我的浏览器接受这些Rest调用?