我将跨域XHR从安全域创建到安全域。
我以为是 Cross-domain XHR to https address (SSL) fails in Firefox (works in Chrome)但事实并非如此。证书是可信的。
FF47.0中带有'Content-Type:application / json; charset = UTF-8'的POST请求未获得'Content-Length'设置,因此网络服务器响应411。
使用'Content-Type:application / x-www-form-urlencoded'的POST请求正常工作。
但是:(这对我来说非常奇怪)一个带有'Content-Type:application / x-www-form-urlencoded'的POST请求和一个像'X-Foo'这样的自定义字段再次没有设置'Content-Length'字段。
这是预期的行为吗?
查看代码:(CodePen:http://codepen.io/chrispillen/pen/dXBZkv)
/* serialize object as url encoded NVP */
var serialize = function(obj) {
var str = [];
for(var p in obj) {
if (obj.hasOwnProperty(p)) {
str.push(encodeURIComponent(p) + "=" + encodeURIComponent(obj[p]));
}
}
return str.join("&");
};
/* url to api */
var apiUrl = "https://sandbox.api.kehrwasser.com/kanubox/v1";
/* credentials */
var credentials = { mail: "user@mailserver.com", password: "12345" };
/* xhr request from https to https */
var request = new XMLHttpRequest();
request.open("POST", apiUrl + "/users/auth/");
var data;
/* combination 1 - not working - no Content-Length field set by Firefox 47.0 */
request.setRequestHeader("Content-Type", "application/json;charset=UTF-8");
data = JSON.stringify(credentials);
/* combination 2 - working - Content-Length field set by Firefox 47.0 */
// request.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
// data = serialize(credentials);
/* combination 3 - not working - no Content-Length field set by Firefox 47.0 */
//request.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
//request.setRequestHeader("X-Auth-Secret", "foobar");
//data = serialize(credentials);
request.onreadystatechange = function() { // Call a function when the state changes.
if (request.readyState == XMLHttpRequest.DONE) {
document.getElementById("output").innerHTML = "DONE";
} else {
document.getElementById("output").innerHTML = "LOADING...";
}
}
request.send(data);