[英]Get post response as json
Before I start, I'd like to say sorry for my English, it's not my native language.在开始之前,我想对我的英语说声抱歉,它不是我的母语。
I'm trying to setup OAuth2 for GitHub authorization.我正在尝试为 GitHub 授权设置 OAuth2。
I stucked at the step, where I should send POST request to github and receive access token.我坚持在这一步,我应该向 github 发送 POST 请求并接收访问令牌。 The problem is that when I send POST request my browser automatically downloads file with access token.问题是当我发送 POST 请求时,我的浏览器会自动下载带有访问令牌的文件。 Since I can't open this file with javascript, I'm trying to get json as response.由于我无法使用 javascript 打开此文件,因此我正在尝试获取 json 作为响应。
In the documentation it's written that I can change accept header and receive json, but I can't write correct POST request.在文档中写道,我可以更改接受标头并接收 json,但我无法编写正确的 POST 请求。
I've already tried a lot of things, like this:我已经尝试了很多东西,例如:
$.ajax({
method: "POST",
url: "https://github.com/login/oauth/access_token",
dataType: "application/json"
});
or或者
$.ajax({
url: 'https://github.com/login/oauth/access_token',
headers: {
Accept : "application/json",
}
data: "data",
success : function(response) {
console.log(response);
} })
etc等等
But I get this error:但我收到此错误:
XMLHttpRequest cannot load github.com/login/oauth/access_token. XMLHttpRequest 无法加载 github.com/login/oauth/access_token。 No 'Access-Control-Allow-Origin' header is present on the requested resource.请求的资源上不存在“Access-Control-Allow-Origin”标头。 Origin ' http://braga.fedyunin.com.ua ' is therefore not allowed access.因此,不允许访问来源“ http://braga.fedyunin.com.ua ”。 The response had HTTP status code 404.响应具有 HTTP 状态代码 404。
Can't find any useful information in google, so I had to register here.在谷歌找不到任何有用的信息,所以我不得不在这里注册。 Thanks for help.感谢帮助。
阅读https://developer.github.com/v3/部分:跨源资源共享
I tried the same thing, but also failed due to the lack of the Access-Control-Allow-Origin header in the response from GitHub API.我尝试了同样的事情,但由于 GitHub API 的响应中缺少 Access-Control-Allow-Origin 标头,也失败了。 I contacted GitHub support and found out what was going wrong.我联系了 GitHub 支持并找出了问题所在。
It doesn't work because you are attempting to use OAuth from a web application, which GitHub API does not support.它不起作用,因为您试图从 GitHub API 不支持的 Web 应用程序使用 OAuth。 When you authenticate this way, your client_id and client_secret must be in the web page somewhere and sent with the POST request.当您以这种方式进行身份验证时,您的 client_id 和 client_secret 必须位于网页中的某个位置并与 POST 请求一起发送。 The entire request, including your client_secret, can be viewed with Firebug or a similar tool.可以使用 Firebug 或类似工具查看整个请求,包括您的 client_secret。 Because it's a bad idea to expose your client_secret, GitHub API will not return the Access-Control-Allow-Origin header, thus preventing you from retrieving the token.因为公开您的 client_secret 是一个坏主意,GitHub API 不会返回 Access-Control-Allow-Origin 标头,从而阻止您检索令牌。
You must issue the POST from the server side and get the token that way.您必须从服务器端发出 POST 并以这种方式获取令牌。 When you do that, the client_secret is on your server, not in people's browsers.当您这样做时,client_secret 在您的服务器上,而不是在人们的浏览器中。
The Ajax request from your site to github.com fails because browsers follow the same origin policy for xhr requests.从您的站点到 github.com 的 Ajax 请求失败,因为浏览器对 xhr 请求遵循相同的源策略。 This means that an xhr request can only be made for a resource on the same origin.这意味着只能对同一来源的资源发出 xhr 请求。 To allow for cross origin requests, the server needs to Whitlelist domains that can access a particular resource.为了允许跨源请求,服务器需要将可以访问特定资源的域列入白名单。
In your case, to do this, you need to register your site as an application on your github account, by entering the details here: https://github.com/settings/applications/new在您的情况下,为此,您需要通过在此处输入详细信息将您的站点注册为您的 github 帐户上的应用程序: https : //github.com/settings/applications/new
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.