What is causing this ajax-upload JavaScript error?

Time: 2016-04-18 08:37:43

Tags: java ajax iframe upload wicket

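I'm trying to upload a file in a multipart form with an AjaxSubmitLink. The file upload itself works fine, but afterwards I get JavaScript errors in the debug console: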

ERROR: Cannot read Ajax response for multipart form submit: SecurityError: Blocked a frame with origin "http://localhost:8888" from accessing a cross-origin frame.
ERROR: Wicket.Ajax.Call.failure: Error while parsing response: No XML response in the IFrame document

What causes this exception? (And how can I fix it?)

My code:

public class AddAttachmentPanel
    extends Panel
{
    private static final Logger LOG = LoggerFactory.getLogger( AddAttachmentPanel.class );

    @Inject
    IRemoteIssueService remoteIssueService;

    Form addAttachmentForm;

    FileUploadField fuf;

    public AddAttachmentPanel( String id, IModel<UiIssue> uiIssueModel )
    {
        super( id );
        this.setVisible( false );
        this.setOutputMarkupId( true );
        this.setOutputMarkupPlaceholderTag( true );

        this.addAttachmentForm = new Form<Void>( "addAttachmentForm" )
        {
            private static final long serialVersionUID = 3350671074490969089L;

            @Override
            protected void onError()
            {
                LOG.error( "Uh oh" );
            }

            @Override
            protected void onSubmit()
            {
                super.onSubmit();
                try
                {
                    File file = AddAttachmentPanel.this.fuf.getFileUpload().writeToTempFile();
                    LOG.info( "Wrote file:" + file.length() );
                }
                catch ( Exception e )
                {
                    // TODO Auto-generated catch block
                    e.printStackTrace();
                }

                uiIssueModel.detach();
                WicketSession.get().info( "Success!" );
            }
        };

        this.addAttachmentForm.setMultiPart( true );
        this.addAttachmentForm.setMaxSize( Bytes.megabytes( Settings.UPLOAD_MAX_MB ) );

        this.fuf = new FileUploadField( "fuf" );
        this.fuf.setRequired( true );

        this.addAttachmentForm.add( this.fuf );

        this.addAttachmentForm.add( new AjaxSubmitLink( "saveAttachmentLink", this.addAttachmentForm )
        {

            private static final long serialVersionUID = 6351225213189683847L;

            @Override
            protected void onAfterSubmit( final AjaxRequestTarget target, final Form<?> form )
            {
                super.onAfterSubmit( target, form );
                this.send( this.getPage(), Broadcast.BREADTH, new IssueUpdatedEvent( target, uiIssueModel.getObject() ) );
            }
        } );


        this.add( this.addAttachmentForm );
    }

}

1 answer:

Answer 0 (score: 2)

This is because X-Frame-Options was set to DENY (I did this as part of an OWASP scan).

Changing it to SAMEORIGIN fixed it.

@Override
protected WebResponse newWebResponse( WebRequest webRequest, HttpServletResponse httpServletResponse )
{
    WebResponse response = super.newWebResponse( webRequest, httpServletResponse );
    // Protect against clickjacking:
    // See https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
    // and http://blogs.msdn.com/b/ieinternals/archive/2010/03/30/combating-clickjacking-with-x-frame-options.aspx
    response.addHeader( "X-Frame-Options", "SAMEORIGIN" );
    return response;
}
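
Why DENY breaks the multipart Ajax submit while SAMEORIGIN still blocks framing by other sites can be seen in a small model of the browser's framing check. This is an added example, not part of the original question or answer; the function names, the lower-cased header map and the origin `http://other.example` are assumptions made for illustration, and only `DENY`, `SAMEORIGIN` and simple `frame-ancestors` sources are modelled.

```javascript
// Simplified model of the browser's framing decision for one response.
// Header names are assumed lower-cased; all origins are constructed samples.

// Return the frame-ancestors source list from a CSP value, or null if absent.
function frameAncestors(csp) {
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

// True when a response from responseOrigin may render inside a frame whose
// chain of ancestor documents has the origins listed in ancestorOrigins.
function framingAllowed(headers, responseOrigin, ancestorOrigins) {
  const sources = frameAncestors(headers["content-security-policy"]);
  if (sources !== null) {
    // Browsers that support frame-ancestors ignore X-Frame-Options when it is set.
    // Only 'self', * and exact origins are modelled; 'none' matches nothing.
    return ancestorOrigins.every(a =>
      sources.some(s => s === "*" || (s === "'self'" ? a === responseOrigin : s === a)));
  }
  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false; // no framing at all, even by the app itself
  if (xfo === "SAMEORIGIN") return ancestorOrigins.every(a => a === responseOrigin);
  return true; // header absent or value not recognised
}

// The page's scenario: the app answers the multipart submit into an iframe
// that its own page created, so the only ancestor is the app itself.
function wicketUploadScenario(headers) {
  const app = "http://localhost:8888";
  return {
    ajaxIframeReadable: framingAllowed(headers, app, [app]),
    framedByOtherSite: framingAllowed(headers, app, ["http://other.example"]),
  };
}

console.log(wicketUploadScenario({ "x-frame-options": "DENY" }));
console.log(wicketUploadScenario({ "x-frame-options": "SAMEORIGIN" }));
console.log(wicketUploadScenario({})); // no header: upload works, but so does foreign framing
```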