堆栈内存溢出
  简体   繁体   English

Salesforce拒绝设置不安全的标题“ User-Agent”

[英]Salesforce Refused to set unsafe header “User-Agent”

 原文  2014-07-29 19:59:29       javascript/ ajax/ salesforce

问题描述

I am trying to create a user login/signup on my remote app that accesses user data on Salesforce. 我正在尝试在访问Salesforce上的用户数据的远程应用程序上创建用户登录/注册。 I am doing this from javascript via Salesforce REST API. 我正在通过Salesforce REST API从JavaScript进行此操作。 This was not working using requests straight from javascript due to CORS restrictions, so I found this example . 由于CORS限制,使用直接来自javascript的请求无法正常工作,因此我找到了这个示例 My code is as follows: 我的代码如下: 

    var result = sforce.connection.login('example@provider.com', 'pass'+'securityToken');
    sforce.connection.init(result.sessionId, 'https://login.salesforce.com/services/oauth2/token')

    sforce.connection.remoteFunction({
        url: 'https://login.salesforce.com/services/oauth2/token',
        requestHeaders: {
            "Authorization" : "Bearer " +__sfdcSessionId,
            "Content-Type":"application/json",
            "Connection":"Keep-Alive"
        },
        method: "GET",
        onSuccess : function(response) {
            console.log("Success " + response)
        },
        onFailure: function(response) {
            console.log("Failed " + response)
        }
    });

When I run this code I get the following errors: 运行此代码时,出现以下错误:

1) Refused to set unsafe header "User-Agent" 1)拒绝设置不安全的标题“ User-Agent”
2) POST http:///services/Soap/u/31.0 404 (Not Found) 2)POST http:///services/Soap/u/31.0 404(未找到)
3) Remote invocation failed, due to: 3)远程调用失败,原因是: 

<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /services/Soap/u/31.0 was not found on this server.</p>
</body></html>
 status code:

Using a code editor I can see that the errors are occurring after hitting the sforce.connection.login() script and never making it to the sforce.connection.init() script in my code. 使用代码编辑器,我可以看到在点击sforce.connection.login()脚本并且从未在我的代码中将其添加到sforce.connection.init()脚本之后,便发生了错误。

How do I resolve this issue so that I may log a user in from my remote web app and gain access to the user information within salesforce? 如何解决此问题,以便可以从远程Web应用程序登录用户并获得对Salesforce中用户信息的访问权?

1 个解决方案

解决方案1
 0  2015-03-22 17:16:18

It seem your issue is like the one in this post 看来您的问题就像这篇文章中的问题一样

XMLHttpRequest isn't allowed to set these headers, they are being set automatically by the browser. XMLHttpRequest不允许设置这些标头,它们是由浏览器自动设置的。 The reason is that by manipulating these headers you might be able to trick the server into accepting a second request through the same connection, one that wouldn't go through the usual security checks - that would be a security vulnerability in the browser. 原因是通过操纵这些标头,您可能能够欺骗服务器通过同一连接接受第二个请求,而该请求不会通过通常的安全检查-这将是浏览器中的一个安全漏洞。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 NWJS拒绝设置不安全的标头“ User-Agent” - NWJS Refused to set unsafe header “User-Agent” 如何解决拒绝在 Javascript 中设置不安全的标头“User-Agent” - how to resolve Refused to set unsafe header "User-Agent" in Javascript Azure存储Javascript库“ createBlobServiceWithSas”引发错误:拒绝设置不安全的标头“用户代理” - Azure Storage Javascript library “createBlobServiceWithSas” throws error: Refused to set unsafe header “user-agent” jplayer自定义用户代理HTTP标头 - jplayer custom user-agent http header 为iFrame内容设置/强制用户代理 - Set/Force User-Agent for iFrame content 如何解决“拒绝设置不安全标头:连接”? - How to Address “Refused to Set Unsafe Header: Connection”? 拒绝设置不安全的标题“日期”AngularJS - Refused to set unsafe header “Date” AngularJS 拒绝设置不安全的标头“ Connection” extjs4 - Refused to set unsafe header “Connection” extjs4 AngularJS拒绝设置不安全的标头“ Cookie” - AngularJS Refused to set unsafe header “Cookie” Ajax 请求:拒绝设置不安全 header - Ajax request: Refused to set unsafe header
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM