1. 首页
  2. 问答
  3. 使用JQuery的WSO2 DAS REST API崩溃“对预检请求的响应未通过访问控制检查”

使用JQuery的WSO2 DAS REST API崩溃“对预检请求的响应未通过访问控制检查”

2015-12-15 38 views
0

我尝试使用WSO2 DAS 3.0 REST API从我的商店中检索一些数据。使用SoapUI或Chrome扩展REST客户端,API可以正常工作。然而,从JavaScript使用JQuery的Ajax调用它会失败在相同的原产地策略。使用JQuery的WSO2 DAS REST API崩溃“对预检请求的响应未通过访问控制检查”

我增加了过滤器以在服务器端中的web.xml如在文档描述:

<filter> 
    <filter-name>CorsFilter</filter-name> 
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> 
    <init-param> 
     <param-name>cors.allowed.origins</param-name> 
     <param-value>*</param-value> 
    </init-param> 
    <init-param> 
     <param-name>cors.allowed.methods</param-name> 
     <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE,PATCH</param-value> 
    </init-param> 
</filter> 
<filter-mapping> 
    <filter-name>CorsFilter</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping>

呼叫看起来像这样:

$.ajax({ 
    url: 'https://localhost:9443/analytics/search', 
    type: 'POST', 
    data: { 
     "tableName":"TEST", 
     "query":"*:*", 
     "start":0, 
     "count":100 
    }, 
    headers: { 
     Authorization: 'Basic YWRtaW46YWRtaW4=', 
    }, 
    dataType: 'json', 
    success: function (data) { 
     alert(1); 
     //console.info(data); 
    } 
});

但是所允许的原点不施加作为从错误消息中可见:

XMLHttpRequest cannot load https://localhost:9443/analytics/search. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://myserver' is therefore not allowed access. The response had HTTP status code 403.

任何使用JQuery调用API的任何人都可以?

来源

2015-12-15 Filip Majda

回答

2

答案就像向服务器端过滤器添加一个附加参数一样简单,因为JQuery倾向于在预检请求中发送允许来源相关的标头。配置应如下所示:

<filter> 
    <filter-name>CorsFilter</filter-name> 
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> 
    <init-param> 
     <param-name>cors.allowed.origins</param-name> 
     <param-value>*</param-value> 
    </init-param> 
    <init-param> 
     <param-name>cors.allowed.methods</param-name> 
     <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE,PATCH</param-value> 
    </init-param> 
    <init-param> 
     <param-name>cors.allowed.headers</param-name> 
     <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,authorization</param-value> 
    </init-param> 
</filter> 
<filter-mapping> 
    <filter-name>CorsFilter</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping>

来源

2015-12-15 16:06:46

相关问题

 相关问题