为什么有些ajax调用不响应服务器头

时间:2018-02-14 11:55:34

标签: dojo xpages lotus-domino

免责声明:也许是错误的论坛,可能不是编码相关...

如果在Xpage上有一个valuePicker,如下所示

<xe:djextListTextBox
    id="djextListTextBox1"
    value="#{requestScope.category}"
    multipleTrim="true"
    multipleSeparator=","
    >
</xe:djextListTextBox>
<xe:valuePicker
    id="valuePicker1"
    for="djextListTextBox1"
    dialogTitle="Category"
    dojoType="extlib.dijit.PickerCheckbox"
>
    <xe:this.dataProvider>
        <xe:simpleValuePicker
            valueList="red,green,blue"
            valueListSeparator=","
        >
        </xe:simpleValuePicker>
    </xe:this.dataProvider>
</xe:valuePicker>

来自Ajax调用的响应标头 NOT 表示http服务器标头集。

回复:

HTTP/1.1 200 OK
Date: Wed, 14 Feb 2018 10:21:01 GMT
Content-Type: application/json;charset=utf-8
Expires: -1
Content-Encoding: gzip
Content-Length: 73
Strict-Transport-Security: max-age=604800; includeSubDomains

但同一页面上的另一个控件也使用了对服务器的ajax调用来表示标题:

<xp:inputText
    id="inputText1"
    value="#{document1.subject}"
>
<xp:typeAhead
    mode="full"
    minChars="1"
    valueList="alpha#beta#charlie#delta#echo#foxtrot"
    valueListSeparator="#"
    tokens=",/"
    ignoreCase="true"
>
</xp:typeAhead>
</xp:inputText>

响应:

HTTP/1.1 200 OK
Date: Wed, 14 Feb 2018 10:34:36 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: text/html;charset=UTF-8
Expires: -1
Content-Encoding: gzip
Content-Length: 48
Strict-Transport-Security: max-age=604800; includeSubDomains
Expires: Mon, 01 Jan 1990 23:59:59 GMT
Pragma: no-cache
Cache-Control: no-cache,no-store,private,must-revalidate
X-Frame-Options: DENY

服务器已经定义了几个我们需要通过所有系统遵守的HTTP标头,但是对于 valuePicker ,响应将它们排除在外。

为什么会这样,以及如何解决这个问题?

在Win / 64服务器上使用Domino 9.0.1FP10,标题定义为Web站点规则,并在notes.ini中:

规则:

HTTP response codes: 200, 206, 404, 403, 401, 500  
Always add header  
Specify a date: Expires after 1900-01-01
Header 1: Pragma, no-cache, override=true  
Header 2: Cache-Control, no-cache,no-store,private,must-revalidate, override=true  
Header 3: X-Frame-Options, DENY, override=true

的Notes.ini

HTTPAdditionalRespHeader=Content-Security-Policy: default-src 'self'; script-src 'self' https://*.fontawesome.com https://code.jquery.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.fontawesome.com 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://*.fontawesome.com https://fonts.gstatic.com

从日志中排除 HTTPAdditionalRespHeader 标头以使其更具可读性......

0 个答案:

没有答案