1. 首頁
  2. 問答
  3. 使用JQuery的WSO2 DAS REST API崩潰「對預檢請求的響應未通過訪問控制檢查」

使用JQuery的WSO2 DAS REST API崩潰「對預檢請求的響應未通過訪問控制檢查」

2015-12-15 39 views
0

我嘗試使用WSO2 DAS 3.0 REST API從我的商店中檢索一些數據。使用SoapUI或Chrome擴展REST客戶端,API可以正常工作。然而,從JavaScript使用JQuery的Ajax調用它會失敗在相同的原產地策略。使用JQuery的WSO2 DAS REST API崩潰「對預檢請求的響應未通過訪問控制檢查」

我增加了過濾器以在服務器端中的web.xml如在文檔描述:

<filter> 
    <filter-name>CorsFilter</filter-name> 
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> 
    <init-param> 
     <param-name>cors.allowed.origins</param-name> 
     <param-value>*</param-value> 
    </init-param> 
    <init-param> 
     <param-name>cors.allowed.methods</param-name> 
     <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE,PATCH</param-value> 
    </init-param> 
</filter> 
<filter-mapping> 
    <filter-name>CorsFilter</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping>

呼叫看起來像這樣:

$.ajax({ 
    url: 'https://localhost:9443/analytics/search', 
    type: 'POST', 
    data: { 
     "tableName":"TEST", 
     "query":"*:*", 
     "start":0, 
     "count":100 
    }, 
    headers: { 
     Authorization: 'Basic YWRtaW46YWRtaW4=', 
    }, 
    dataType: 'json', 
    success: function (data) { 
     alert(1); 
     //console.info(data); 
    } 
});

但是所允許的原點不施加作爲從錯誤消息中可見:

XMLHttpRequest cannot load https://localhost:9443/analytics/search. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://myserver' is therefore not allowed access. The response had HTTP status code 403.

任何使用JQuery調用API的任何人都可以?

來源

2015-12-15 Filip Majda

回答

2

答案就像向服務器端過濾器添加一個附加參數一樣簡單,因爲JQuery傾向於在預檢請求中發送允許來源相關的標頭。配置應如下所示:

<filter> 
    <filter-name>CorsFilter</filter-name> 
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> 
    <init-param> 
     <param-name>cors.allowed.origins</param-name> 
     <param-value>*</param-value> 
    </init-param> 
    <init-param> 
     <param-name>cors.allowed.methods</param-name> 
     <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE,PATCH</param-value> 
    </init-param> 
    <init-param> 
     <param-name>cors.allowed.headers</param-name> 
     <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,authorization</param-value> 
    </init-param> 
</filter> 
<filter-mapping> 
    <filter-name>CorsFilter</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping>

來源

2015-12-15 16:06:46

相關問題

 相關問題