403 Forbidden:能够在浏览器中打开uri但不能在JavaScript代码中打开uri

时间:2016-08-01 16:53:44

标签: javascript html web xmlhttprequest http-status-code-403

我正在尝试在我的JavaScript代码中打开(跨域)uri。如果我将它复制到我的浏览器并直接打开它,我就能打开它。但是,如果我在我的JavaScript代码中打开它,我会收到403 Forbidden错误。这是我的代码:

var xhr = new XMLHttpRequest();
xhr.responseType = 'json';
xhr.withCredentias = true;
xhr.open('get', uri, 'true');
xhr.onload = function() {
    console.log(xhr.response);
}
xhr.send();

它似乎不是一个CORS错误,因为在响应头中我可以在Access-Control-Allow-Origin部分看到我的源主机。我也没有得到任何CORS错误。

有谁知道为什么会这样?真的很感谢你的帮助!

谢谢!

==== UPDATE ====

直接来自浏览器(Chrome)

Request:
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Host:host.com
Pragma:no-cache
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36

Response:
Cache-Control:max-age=60
Connection:Keep-Alive
Content-Encoding:gzip
Content-Type:application/json; charset=utf-8
Date:Mon, 01 Aug 2016 17:58:20 GMT
Expires:Mon, 01 Aug 2016 17:59:20 GMT
Keep-Alive:timeout=5, max=100
Server:Apache/2.4.6 
Transfer-Encoding:chunked
Vary:Accept-Encoding

来自代码

Request:
Accept:*/*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Host:host.com
Origin:myhost.com
Pragma:no-cache
Referer:myhost.com/login
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36

Response:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Methods:GET, HEAD, OPTIONS
Access-Control-Allow-Origin:myhost.com
Cache-Control:max-age=60
Connection:Keep-Alive
Content-Length:0
Content-Type:application/json; charset=utf-8
Date:Mon, 01 Aug 2016 18:20:54 GMT
Expires:Mon, 01 Aug 2016 18:21:54 GMT
Keep-Alive:timeout=5, max=100
Server:Apache/2.4.6

2 个答案:

答案 0 :(得分:0)

我遇到了类似的问题,我可以从浏览器向URL提交GET请求,但是使用JavaScript(电子,node.js,net.request)却给了我403错误,其中包含某些数据相同的网址。

我结束了浏览器发送的标头,然后将这些标头添加到Javascript请求中,然后问题消失了。

因此,此答案并非纯Javascript答案,但适用于Electron javascript。我在main.js中添加了它:

const electron = require('electron'); const { net, session } = electron;

session.defaultSession.webRequest.onBeforeSendHeaders((details, callback) => { details.requestHeaders['Upgrade-Insecure-Requests'] = '1'; details.requestHeaders['Dnt'] = '1'; details.requestHeaders['Accept-Encoding'] = 'gzip, deflate, br'; details.requestHeaders['Accept-Language'] = 'en-US,en;q=0.5'; details.requestHeaders['Accept'] = 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'; details.requestHeaders['User-Agent'] = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0'; details.requestHeaders['Connection'] = 'close'; details.requestHeaders['X-Forwarded-Proto'] = 'http'; callback({ cancel: false, requestHeaders: details.requestHeaders }); });

const request = net.request({ method: 'GET', protocol: 'https:', url: 'http s://mydomain.com/somefile.php?data=something&moredata=somethingelse' });

request.on("error", (err) => { console.log("NetError::: " +err.message); });

request.on('response', (_response) => { _response.on('end', () => { console.log('NetEnd::: END response (no more data).'); }); _response.on('data', (_chunk) => { console.log("NetStatus::: " + _response.statusCode); console.log("NetHeaders::: " + JSON.stringify(_response.headers) ); console.log("NetBody::: " + _chunk); });

});

request.end();

答案 1 :(得分:0)

将User-Agent请求标头更改为chrome的标准标头时,我能够解决相同的问题。