在我们的 Web 应用中，用户提供用户名和密码，应用通过 AJAX 使用 HTTP 基本身份验证（Basic Authentication）连接到第三方 Web 服务。
如果用户名/密码不正确，第三方 Web 服务会返回 401，浏览器随即弹出身份验证对话框。
一切都很好。
用户然后输入正确的凭据并单击“确定”。
但 Chrome 并没有使用新输入的正确凭据，而是再次提交了之前输入的错误凭据（见下文请求 #3 与 #5，两者的 Authorization 头完全相同）。
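/**
 * Requests the GetCapabilities XML document from the OGC endpoint typed into
 * `input#ogc-url` and, when the parsed result lists feature types, calls
 * `displayLayerProperties()`.
 *
 * Security notes:
 * - The target URL comes straight from a form field and the user's Basic
 *   credentials are attached to whatever it contains.
 *   NOTE(review): consider requiring an `https:` URL (and, if the set of
 *   services is known, an allow-list) before attaching credentials.
 * - The Authorization header is computed once, just before `$.ajax`. The
 *   capture on this page shows the retry that follows the browser's own
 *   auth dialog carrying the same header value, so a 401 has to be handled
 *   here (re-prompt in the app, rebuild the options, re-issue the request)
 *   for corrected credentials to take effect.
 */
getLayersFromCapabilities: function() {
  var baseOgcUrl = $('input#ogc-url').val();
  var capabilitiesUrl = this.api.Utilities.appendQueryStringQuestionMarkIfNeeded(baseOgcUrl);

  Spinner && Spinner.show();

  var getCapabilitiesAjaxOptions = {
    url: capabilitiesUrl,
    dataType: 'xml',
    // Callbacks run with `this` bound to the owning object.
    context: this,
    success: function(xmlDoc) {
      // Guarded like the show() call above so a falsy Spinner cannot throw
      // inside the callback and mask the real outcome.
      Spinner && Spinner.hide();
      var capabilities = capabilitiesFormat.read(new XMLSerializer().serializeToString(xmlDoc));
      if (capabilities && capabilities.featureTypeList && capabilities.featureTypeList.featureTypes) {
        //----------------
        // WFS
        //----------------
        this.displayLayerProperties();
      }
    },
    error: function(jqXHR, textStatus, errorThrown) {
      Spinner && Spinner.hide();
      // The message assumes an authentication problem; the status code and
      // textStatus are logged as well so a 401 can be told apart from a CORS,
      // network or XML parse failure. Credentials are never logged.
      console.log(
        "Error retrieving GetCapabilities XML, make sure you are authenticated.",
        jqXHR && jqXHR.status,
        textStatus
      );
    }
  };

  // Adds the Authorization header and withCredentials to the options object.
  this.addBasicAuthHeadersIfNeeded(getCapabilitiesAjaxOptions);
  $.ajax(getCapabilitiesAjaxOptions);
},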
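/**
 * Adds an HTTP Basic `Authorization` header and `withCredentials: true` to a
 * jQuery ajax options object, in place. Headers and xhrFields the caller has
 * already set are kept; only these two entries are written.
 *
 * Security notes:
 * - Basic credentials are only Base64-encoded, not encrypted, so they are
 *   readable by anyone who sees the request. Send them over HTTPS only.
 * - `btoa` throws on characters outside Latin-1, so a username or password
 *   containing such characters fails here.
 *   NOTE(review): if those must be supported, confirm which charset the
 *   service expects before changing the encoding.
 * - The header value is fixed at the moment this runs. Credentials typed
 *   into the browser's native auth dialog do not change it; in the capture
 *   on this page the retry carries the same value.
 * - `withCredentials: true` makes the browser attach its cookies for the
 *   third-party host (see the Cookie header in the captured GET).
 *   NOTE(review): presumably it is also what lets the browser show its own
 *   auth prompt on a cross-origin 401. Confirm whether it is needed at all
 *   when the header is set explicitly.
 * - NOTE(review): despite the name, the header is always added, even when
 *   the username and password are empty.
 *
 * @param {Object} wfsAjaxOptions - jQuery ajax settings object to modify.
 */
addBasicAuthHeadersIfNeeded: function(wfsAjaxOptions) {
  var credentials = this.getOgcUsername() + ":" + this.getOgcPassword();

  // Merge into existing headers rather than replacing the whole object.
  var headers = wfsAjaxOptions.headers || {};
  headers["Authorization"] = "Basic " + btoa(credentials);
  wfsAjaxOptions.headers = headers;

  // Same for xhrFields: keep other fields the caller may have set.
  var xhrFields = wfsAjaxOptions.xhrFields || {};
  xhrFields.withCredentials = true;
  wfsAjaxOptions.xhrFields = xhrFields;
},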
请求/响应标头
#1. AJAX Preflight
OPTIONS https://thirdparty.com/WebApp/Web/SAAS/Api/WFS/v1/WfsServer?&version=1.1.0&request=GetCapabilities&service=wfs HTTP/1.1
Host: thirdparty.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Access-Control-Request-Method: GET
Origin: http://myserver.com
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
Access-Control-Request-Headers: authorization
Accept: */*
Referer: http://myserver.com/app1/?project=Sample&touch=false&debug=debug
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8
#2. AJAX Preflight Response
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: authorization
Access-Control-Allow-Methods: GET,POST,PUT,PATCH,DELETE,OPTIONS
Access-Control-Allow-Origin: http://myserver.com
Allow: GET,DELETE,POST,PUT,OPTIONS
Cache-Control: private
Content-Encoding: gzip
Date: Thu, 01 Sep 2016 07:37:46 GMT
Server: Microsoft-IIS/8.5
Strict-Transport-Security: max-age=10886400
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 3.0
X-T1-Compressed-By-CompressFilter: gzip
X-UA-Compatible: IE=edge
Content-Length: 0
Connection: keep-alive
#3. AJAX auth request
GET https://thirdparty.com/WebApp/Web/SAAS/Api/WFS/v1/WfsServer?&version=1.1.0&request=GetCapabilities&service=wfs HTTP/1.1
Host: thirdparty.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Accept: application/xml, text/xml, */*; q=0.01
Origin: http://myserver.com
Authorization: Basic dXNlcjpwYXNz
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
Referer: http://myserver.com/app1/?project=Sample&touch=false&debug=debug
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8
Cookie: MaxScreenMode=false; Theme/T2/SAAS=NewYork; RequestingArea=WebServices
#4. AJAX auth response
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://myserver.com
Cache-Control: private
Date: Thu, 01 Sep 2016 07:37:47 GMT
Server: Microsoft-IIS/8.5
Set-Cookie: RequestingArea=WebServices; expires=Fri, 01-Sep-2017 07:37:47 GMT; path=/WebApp/Web/; secure; HttpOnly
Strict-Transport-Security: max-age=10886400
WWW-Authenticate: Basic
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 3.0
X-UA-Compatible: IE=edge
Content-Length: 0
Connection: keep-alive
#5. 2nd AJAX Auth request, user enters different credential in Browser Auth Dialog, but Chrome puts the old Basic Authorization Credential, again
GET https://thirdparty.com/WebApp/Web/SAAS/Api/WFS/v1/WfsServer?&version=1.1.0&request=GetCapabilities&service=wfs HTTP/1.1
Host: thirdparty.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Authorization: Basic dXNlcjpwYXNz
Accept: application/xml, text/xml, */*; q=0.01
Origin: http://myserver.com
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
Referer: http://myserver.com/app1/?project=Sample&touch=false&debug=debug
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8
Cookie: MaxScreenMode=false; Theme/T2/SAAS=NewYork; RequestingArea=WebServices
#6. 2nd AJAX auth response, unauthorized, because it was using the incorrect credential entered in step #3 above
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://myserver.com
Cache-Control: private
Date: Thu, 01 Sep 2016 07:37:59 GMT
Server: Microsoft-IIS/8.5
Set-Cookie: RequestingArea=WebServices; expires=Fri, 01-Sep-2017 07:38:00 GMT; path=/WebApp/Web/; secure; HttpOnly
Strict-Transport-Security: max-age=10886400
WWW-Authenticate: Basic
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 3.0
X-UA-Compatible: IE=edge
Content-Length: 0
Connection: keep-alive