oAuth失败:不允许......访问控制允许原点

时间:2012-07-15 11:20:24

标签: javascript oauth

这里有什么问题?

  

选项https://twitter.com/oauth/request_token 401(未经授权)   jsOAuth-1.3.4.js:483 XMLHttpRequest无法加载   https://twitter.com/oauth/request_token。起源“http:// localhost:8080”   Access-Control-Allow-Origin.Object

不允许使用
<!DOCTYPE html>
<html>
<head>
<!--

A simple example of PIN-based oauth flow with Twitter and jsOAuth.

This is mostly based on/copied from <http://log.coffeesounds.com/oauth-and-pin-based-authorization-in-javascri>.

Get jsOAuth at <https://github.com/bytespider/jsOAuth/downloads>

-->

    <meta charset="utf-8">
    <title>jsOauth test</title>

    <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>

    <script type="text/javascript" src="jsOAuth-1.3.4.js"></script>

    <style type="text/css" media="screen">

    </style>


    <script>


    $(document).ready(function() {
        var options = {
            consumerKey: 'YOUR_CONSUMER_KEY',
            consumerSecret: 'YOUR_CONSUMER_SECRET'
        };
        var requestParams;
        var accessParams;

        var oauth = OAuth(options);

        oauth.get('https://twitter.com/oauth/request_token',

            function(data) {
                console.dir(data);
                window.open('https://twitter.com/oauth/authorize?'+data.text);
                requestParams = data.text
            },

            function(data) { alert('darn'); console.dir(data) }
        );


        $('#pinbutton').click(function() {
            if ($('#pin').val()) {
                oauth.get('https://twitter.com/oauth/access_token?oauth_verifier='+$('#pin').val()+'&'+requestParams,

                    function(data) {
                        console.dir(data);

                        // split the query string as needed                     
                        var accessParams = {};
                        var qvars_tmp = data.text.split('&');
                        for (var i = 0; i < qvars_tmp.length; i++) {;
                            var y = qvars_tmp[i].split('=');
                            accessParams[y[0]] = decodeURIComponent(y[1]);
                        };

                        oauth.setAccessToken([accessParams.oauth_token, accessParams.oauth_token_secret]);
                        getHomeTimeline();
                    },

                    function(data) { alert('poop'); console.dir(data); }
                );              
            }
        });


        function getHomeTimeline() {
            oauth.get('https://api.twitter.com/1/statuses/home_timeline.json',

                function(data) {
                    entries = JSON.parse(data.text);
                    var html = [];
                    for (var i = 0; i < entries.length; i++) {
                        html.push(JSON.stringify(entries[i]));
                    };
                    $('#timeline').html(html.join('<hr>'));
                },

                function(data) { alert('lame'); console.dir(data); }
            );          
        }


    });
    </script>
</head>
<body>
    <h1>jsOauth test</h1>

    When you get a PIN, enter it here.

    <input id="pin" type="text" value=""><button id='pinbutton'>Save</button>

    <div id="timeline">

    </div>

</body>
</html>

1 个答案:

答案 0 :(得分:6)

我可以给你答案,但你所做的是反对Twitter API服务条款。 JavaScript中的OAuthing会将秘密凭据公开给访问该网站的任何人,这是一件坏事。请在你的后端执行此操作。