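I'm trying to open a (cross-origin) URI in my JavaScript code. If I copy it into my browser and open it directly, I can open it. However, if I open it from my JavaScript code, I get a 403 Forbidden error. Here is my code: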
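var xhr = new XMLHttpRequest();
xhr.responseType = 'json';
// Send cookies/credentials with the cross-origin request
xhr.withCredentials = true;
// Third argument is the async flag (a boolean, not the string 'true')
xhr.open('get', uri, true);
xhr.onload = function() {
    console.log(xhr.response);
};
xhr.send();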
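It doesn't seem to be a CORS error, because in the response headers I can see my origin host in the Access-Control-Allow-Origin section. I'm not getting any CORS error either.
Does anyone know why this happens? I really appreciate your help!
Thanks!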
==== UPDATE ====
Directly from the browser (Chrome)
Request:
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Host:host.com
Pragma:no-cache
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
Response:
Cache-Control:max-age=60
Connection:Keep-Alive
Content-Encoding:gzip
Content-Type:application/json; charset=utf-8
Date:Mon, 01 Aug 2016 17:58:20 GMT
Expires:Mon, 01 Aug 2016 17:59:20 GMT
Keep-Alive:timeout=5, max=100
Server:Apache/2.4.6
Transfer-Encoding:chunked
Vary:Accept-Encoding
From the code
Request:
Accept:*/*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Host:host.com
Origin:myhost.com
Pragma:no-cache
Referer:myhost.com/login
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
Response:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Methods:GET, HEAD, OPTIONS
Access-Control-Allow-Origin:myhost.com
Cache-Control:max-age=60
Connection:Keep-Alive
Content-Length:0
Content-Type:application/json; charset=utf-8
Date:Mon, 01 Aug 2016 18:20:54 GMT
Expires:Mon, 01 Aug 2016 18:21:54 GMT
Keep-Alive:timeout=5, max=100
Server:Apache/2.4.6
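Answer 0 (score: 0)
I had a similar problem: I could submit a GET request to the URL from the browser, but using JavaScript (Electron, node.js, net.request) gave me a 403 error for the same URL containing certain data.
I ended up taking the headers the browser sent, adding those headers to the JavaScript request, and the problem went away.
So this answer is not a pure JavaScript answer, but it applies to Electron JavaScript. I added this in main.js: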
const electron = require('electron');
const { net, session } = electron;
// Note: Electron's session and net APIs can only be used after the app's 'ready' event.
// Rewrite the outgoing headers of every request made through the default session.
session.defaultSession.webRequest.onBeforeSendHeaders((details, callback) => {
    details.requestHeaders['Upgrade-Insecure-Requests'] = '1';
    details.requestHeaders['Dnt'] = '1';
    details.requestHeaders['Accept-Encoding'] = 'gzip, deflate, br';
    details.requestHeaders['Accept-Language'] = 'en-US,en;q=0.5';
    details.requestHeaders['Accept'] = 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8';
    details.requestHeaders['User-Agent'] = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0';
    details.requestHeaders['Connection'] = 'close';
    details.requestHeaders['X-Forwarded-Proto'] = 'http';
    callback({ cancel: false, requestHeaders: details.requestHeaders });
});
// Issue the GET request and log the status, headers and body of the response.
const request = net.request({
    method: 'GET',
    protocol: 'https:',
    url: 'https://mydomain.com/somefile.php?data=something&moredata=somethingelse'
});
request.on('error', (err) => {
    console.log('NetError::: ' + err.message);
});
request.on('response', (_response) => {
    _response.on('end', () => {
        console.log('NetEnd::: END response (no more data).');
    });
    _response.on('data', (_chunk) => {
        console.log('NetStatus::: ' + _response.statusCode);
        console.log('NetHeaders::: ' + JSON.stringify(_response.headers));
        console.log('NetBody::: ' + _chunk);
    });
});
request.end();
Answer 1 (score: 0)
When I changed the User-Agent request header to Chrome's standard header, I was able to solve the same problem.
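Added example (not part of the original question or answers): a small JavaScript helper that diffs the two request-header captures from the question's update, which is the browser-versus-code comparison the first answer describes doing by hand. The function names parseHeaders and diffHeaders are made up for this illustration; the header values are copied from the captures in the question.

```javascript
// Parse a DevTools-style header dump ("Name:value" per line) into a Map keyed
// by lower-cased name, since HTTP header names are case-insensitive.
function parseHeaders(dump) {
  const headers = new Map();
  for (const line of dump.split('\n')) {
    const idx = line.indexOf(':');
    if (idx <= 0) continue; // skip blank or malformed lines
    headers.set(line.slice(0, idx).trim().toLowerCase(), line.slice(idx + 1).trim());
  }
  return headers;
}

// List headers sent by only one client and headers whose values differ.
function diffHeaders(a, b) {
  const result = { onlyInA: [], onlyInB: [], changed: [] };
  for (const [name, value] of a) {
    if (!b.has(name)) result.onlyInA.push(name);
    else if (b.get(name) !== value) result.changed.push(name);
  }
  for (const name of b.keys()) if (!a.has(name)) result.onlyInB.push(name);
  return result;
}

// Request headers copied from the two captures in the question's update.
const shared = `Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Host:host.com
Pragma:no-cache
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36`;
const fromBrowser = parseHeaders(`Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests:1
${shared}`);
const fromCode = parseHeaders(`Accept:*/*
Origin:myhost.com
Referer:myhost.com/login
${shared}`);

console.log(diffHeaders(fromBrowser, fromCode));
```

For the question's captures the User-Agent is identical on both sides; the requests differ in Accept, Upgrade-Insecure-Requests, Origin and Referer.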