来自 jquery ajax 的 Rest api 调用给出错误 403 Forbidden
[英]Rest api call from jquery ajax gives error 403 Forbidden
问题描述
I'm trying to make a simple jquery ajax call to API
我正在尝试对 API 进行简单的 jquery ajax 调用
My code:我的代码:
jQuery.ajax({
type: "GET",
url: "http://example.com/api/v1/testapi",
headers: { "Authorization": "Basic Ylc5aWXXXXXXlk1ucWx5ZnA=" },
success: function (data, status) {
// do something
},
error: function (status) {
// error handler
}
});
Request headers:请求头:
OPTIONS /api/v1/testapi HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://localhost
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Connection: keep-alive
Response headers:响应头:
HTTP/1.1 403 Forbidden
Date: Fri, 28 Aug 2015 10:43:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Cache-Control: no-cache
access-control-allow-headers: origin, content-type, accept
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, DELETE
access-control-allow-credentials: 1
X-Debug-Token: 0346f5
Connection: close
Transfer-Encoding: chunked
Content-Type: application/json
Api working with postman but gives error 403 Forbidden when I called it from JQuery ajax Api 与邮递员一起工作,但是当我从 JQuery ajax 调用它时出现错误 403 Forbidden
3 个解决方案
解决方案1
0 2015-08-28 10:58:57
paste that code above your main page of web services.将该代码粘贴到您的 Web 服务主页上方。
if (isset($_SERVER['HTTP_ORIGIN']))
{
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Max-Age: 86400'); // cache for 1 day
}
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS')
{
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
}
解决方案2
0 2015-08-28 11:00:04
AJAX requests must be within same domain . AJAX 请求必须在同一个域内。 I tried the same from Firefox and got the error message as its a cross-domain AJAX call.我从 Firefox 中尝试了相同的方法,并收到了跨域 AJAX 调用的错误消息。
Cross-Origin Request Blocked: The Same Origin Policy disallows reading
the remote resource at http://example.com/api/v1/testapi.
(Reason: CORS header 'Access-Control-Allow-Origin' missing)
Also it looks like you are setting the Authorization headers via JS.此外,您似乎正在通过 JS 设置 Authorization 标头。 It would be safer to make a call to your server which in turn makes the API call by setting the Authorization headers so that it is not exposed in the browser.调用您的服务器会更安全,服务器又通过设置 Authorization 标头来调用 API,这样它就不会在浏览器中公开。
解决方案3
0 2020-03-11 10:04:19
This is happening because X-RequestDigest is expired or invalid so you need to call below method before REST call发生这种情况是因为X-RequestDigest已过期或无效,因此您需要在 REST 调用之前调用以下方法
UpdateFormDigest(_spPageContextInfo.webServerRelativeUrl, _spFormDigestRefreshInterval);
Ref : http://sharepointsanjay.blogspot.com/2016/05/how-to-refresh-request-digest-token.html参考: http : //sharepointsanjay.blogspot.com/2016/05/how-to-refresh-request-digest-token.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.