我试图从jquery到node.js进程进行https CORS ajax调用。但是,当调用时,Chrome会在控制台OPTIONS https://localhost/ net::ERR_INSECURE_RESPONSE中抱怨。
查看类似的堆栈溢出问题,Cross domain request from HTTP to HTTPS aborts immediately如果我导入我自己签名的证书,我应该可以进行跨源https ajax调用。所以我将证书导入了chrome。我可以在权威机构下的chrome管理证书选项卡中看到证书。但是当我尝试ajax调用时它仍然失败。
这就是我制作私钥的方式:
openssl genrsa -out domain.key 4096
现在证书:
openssl req -x509 -sha512 -nodes -newkey rsa:4096 -keyout domain.key -out domain.crt
对于通用名称,我输入了计算机的IP地址,因此chrome不会抱怨URL不匹配。
这是html页面。
<!DOCTYPE html>
<html>
<title>BlackBox</title>
<head>
<meta charset="utf-8">
<script src="jquery-1.11.2.min.js"></script>
<script src="bootstrap-3.3.4-dist/js/bootstrap.min.js"></script>
<script src="login.js"></script>
</head>
<body>
<div class="container-fluid">
<div class="row">
<div class=col-md-4>
<h2> Welcome to BlackBox</h2>
<label>username</label>
<input type="text" name="username" id="username">
<label>password</label>
<input type ="text" name="password" id="password">
<input type="button" id="loginbtn" value="Login"/>
<div class="container">
<div class="row">
<div class="out"></div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
这是与html一起使用的javascript。
$(document).ready(function() {
$('#loginbtn').click(clickLogin);
function clickLogin() {
var username = $('#username').val();
var password = $('#password').val();
if(password == '' || username == '') {
$(".out").html("Empty username or password");
} else {
$.ajax({
type: "PUT",
url: "https://localhost/",
contentType: "application/json",
data: JSON.stringify({
username: username,
password: password,
}),
dataType: "text",
})
}
};
});
最后这里是节点进程,它们都提供html和javascript,并且假设接收ajax调用。
const fs = require("fs");
const http = require('http');
const https = require('https');
var loginPage = fs.readFileSync('login.html');
var loginPageJs = fs.readFileSync('login.js');
var jquery = fs.readFileSync('jquery-1.11.2.js');
var bootstrap = fs.readFileSync('bootstrap-3.3.4-dist/js/bootstrap.min.js')
var options = {
key: fs.readFileSync('domain.key'),
cert: fs.readFileSync('domain.crt')
};
http.createServer(function(req, res) {
res.writeHead(301, {Location: 'https:192.168.1.58/'})
res.end();
}).listen(80);
https.createServer(options, function(req, res) {
if(req.method === 'GET' && req.url === '/') {
res.writeHead(200, "OK", {'Content-Type': 'text/html'});
res.write(loginPage);
res.end();
} else if(req.method === 'GET' && req.url === '/login.js') {
res.writeHead(200, "OK", {'Content-Type': 'application/javascript'});
res.write(loginPageJs);
res.end();
} else if(req.method === 'GET' && req.url === '/jquery-1.11.2.js') {
res.writeHead(200, "OK", {'Content-Type': 'application/javascript'});
res.write(jquery);
res.end();
} else if(req.method === 'GET' && req.url === '/bootstrap-3.3.4- dist/js/bootstrap.min.js') {
res.writeHead(200, "OK", {'Content-Type': 'application/javascript'});
res.write(bootstrap);
res.end();
} else if(req.method === "OPTIONS" && req.url === '/') {
res.writeHead(204, "No Content", {
"access-control-allow-origin": origin,
"access-control-allow-methods": "GET, POST, PUT, DELETE, OPTIONS",
"access-control-allow-headers": "content-type, accept",
"access-control-max-age": 10,
"content-length": 0
});
var requestBodyBuffer = [];
req.on("data", function(chunk) {
requestBodyBuffer.push(chunk);
})
req.on("end", function() {
var requestBody = requestBodyBuffer.join("");
var obj = JSON.parse(requestBody);
if(obj.hasOwnProperty('username') && obj.hasOwnProperty('password')) {
console.log(obj.username);
console.log(obj.password);
}
})
}
}).listen(443);
答案 0 :(得分:0)
最近我为whois查找编写了一个应用程序,我也遇到了这个问题,但最后检查了所有可能性后,它才能正常工作。
function checkAvailability(domainParsed) {
$.ajax({
method : "GET",
url : "https://localhost:55555/check", // Pay attention To This Line
"Content-Type" : "application/json",
data : {domain : domainParsed , array : postFixesArray }
}).done(function(data) {
availableDomanisToShow = data.availableDomains;
registeredDomanisToShow = data.registeredDomains;
});
}
var bodyParser = require("body-parser") ;
var unirest = require('unirest');
var https = require('https');
var http = require('http');
var fs = require('fs');
var express = require('express');
var app = express();
var registeredDomains = [];
var availableDomains = [];
var counter = 0 , i = 0;
app.use(bodyParser.json({ type: 'application/json'})) ;
app.use(bodyParser.urlencoded({ extended:true })) ;
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*"); // Pay attention To This Line --> Cross domain request
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept"); // Pay attention To This Line --> Cross domain request
next();
});
app.use("/check",function(req,resp,next) {
var fqdn,postfix;
availableDomains = [];
registeredDomains = []
while( i < req.query.array.length) {
fqdn = req.query.domain + req.query.array[i];
postfix = req.query.array[i];
checkAvailability(fqdn,postfix,req.query.array.length);
console.log(req.query.array.length)
i++;
}
function checkAvailability(domain,postfix,length) {
unirest.get('https://jsonwhois.com/api/v1/whois').headers({
'Accept': 'application/json',
'Authorization': 'Token token=238d7da7fac57882a176cb14411d781a'
}).query({
"domain" : domain
}).end(function(response) {
console.log(domain , response.body['available?']);
if(true != response.body['available?']) {
registeredDomains.push(postfix);
counter++;
if(counter == length) {
counter = 0 ;
i = 0;
resp.json( { "registeredDomains" : registeredDomains , "availableDomains" : availableDomains } );
}
}
else {
availableDomains.push(postfix);
counter++;
if(counter == length) {
counter = 0 ;
i = 0;
resp.json( { "registeredDomains" : registeredDomains , "availableDomains" : availableDomains } );
}
}
});
}
});
https.createServer({
key: fs.readFileSync('key.pem'),
cert: fs.readFileSync('cert.pem')
}, app).listen(55555);
http.createServer(app).listen(8000);
console.log("httpsServer are Listening on " + 55555);
console.log("httpServer are Listening on " + 8000);
答案 1 :(得分:-1)
出于测试/开发目的,您也可以禁用 Chrome 安全性
使用以下参数运行chrome / google chrome,如果您只需要一次性配置,则将user-data-dir替换为chrome目录或/ tmp
chromium-browser --allow-running-insecure-content --disable-web-security --user-data-dir=~/.config/chromium/Default