使用纯Javascript在跨域请求的AJAX请求中包含cookie
[英]Including Cookies on a AJAX Request for Cross Domain Request Using Pure Javascript
问题描述
I am developing Analytics application and I need a way to identify each user device uniquely. 
我正在开发Google Analytics(分析)应用程序,并且需要一种唯一标识每个用户设备的方法。 For this, the approach I am following is creating a "cookie" from a server side. 为此,我遵循的方法是从服务器端创建“ cookie”。 All page clicks and tracking will be updated to server using Ajax requests. 所有页面点击和跟踪都将使用Ajax请求更新到服务器。
My problem is, I have my analytics in xyz.com. 我的问题是,我在xyz.com上进行了分析。 Abc.com and 123.com are the applications which installs my plugin(javascript) code. Abc.com和123.com是安装我的插件(javascript)代码的应用程序。 On the first visit, I am creating a cookie "sha1" to identify each user/device uniquely, on each consecutive requests, I need to check in server whether cookie "sha1" exists, on based on that should have to take necessary action. 第一次访问时,我将创建一个cookie“ sha1”以唯一地标识每个用户/设备,在每个连续的请求中,我都需要在服务器中检查cookie“ sha1”是否存在,基于此,必须采取必要的措施。 Since I am making Ajax calls to the server and since it is a cross domain request, no cookies are added to the request. 由于我正在向服务器进行Ajax调用,并且由于它是跨域请求,因此不会向该请求添加任何cookie。 I have looked at various options available to include cookies to request like setting "withCredentials=true", "crossDomain=true", but with no success. 我研究了可用于包含cookie的各种选项,例如设置“ withCredentials = true”,“ crossDomain = true”,但没有成功。
I want the solution using Pure Javascript and would be really grateful if any one help me out. 我想要使用Pure Javascript的解决方案,如果有人帮助我,我将不胜感激。 Also I am open to change my approach, if any feasible and easy to implement solution is recommended. 如果建议任何可行且易于实施的解决方案,我也愿意改变自己的方法。
2 个解决方案
解决方案1
4 已采纳 2014-04-02 15:23:51
Here is an XMLHttpRequest() example that i have used for CORS with cookie credentials successfully in Chrome, FF 3.5+, Safari 4+, IE10+. 这是一个XMLHttpRequest()示例,我已成功使用它在Chrome,FF 3.5 +,Safari 4 +,IE10 +中使用cookie凭据进行CORS。 If this does not work, it is probably something wrong with server configuration or browser compatibility. 如果这不起作用,则可能是服务器配置或浏览器兼容性有问题。
// GET request
var xhr = new XMLHttpRequest();
xhr.open("GET", url, true);
xhr.responseType = 'application/json';
xhr.processData = false;
xhr.contentType = false;
xhr.onload = function() {
// Successful request
if (xhr.status == 200) {
success(xhr.response);
}
};
xhr.onerror = function() {
// Crossdomain request denied
if (xhr.status === 0) {
corsFailed(xhr.response);
}
};
xhr.crossDomain = true;
xhr.withCredentials = true;
xhr.send();
I know that safari and IE10+ require the user to allow third party cookies in their browser preferences. 我知道,Safari和IE10 +要求用户在其浏览器首选项中允许第三方cookie。 I don't think there is any way around this without using custom headers in place of cookies and setting the Access-Control-Allow-Headers on the server to include the custom headers. 我认为如果不使用自定义标头代替cookie并将服务器上的Access-Control-Allow-Headers设置为包括自定义标头,那么没有任何解决方法。 Also I believe you need Access-Control-Allow-Headers: "Content-Type". 另外,我认为您需要Access-Control-Allow-Headers:“内容类型”。
To go back as far as IE8/9, you would need to implement a fallback to XDomainRequest(), but those do not support cookie credentials. 要回溯到IE8 / 9,您需要实现对XDomainRequest()的后备,但是那些不支持cookie凭据。
The processData and contentType flags may only be necessary for POST requests. processData和contentType标志仅对于POST请求才是必需的。 I use FormData() objects when doing POSTs, not JSON. 我在执行POST而不是JSON时使用FormData()对象。
解决方案2
0 2014-03-20 13:57:12
It can't be done in js, you need to modify the headers sent from the server: 这无法在js中完成,您需要修改从服务器发送的标头:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:X-Requested-With, X-Prototype-Version, Content-Type, Origin, Allow
Access-Control-Allow-Methods:POST, GET, OPTIONS
Access-Control-Allow-Origin:http://yourdomain
Access-Control-Max-Age:1728000
How to add those headers, depend on which software are you using to serve pages. 如何添加这些标题,取决于您使用哪种软件来提供页面。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.