服务器阻止POST但不阻止GET请求?
[英]Server blocks POST but not GET requests?
问题描述
Inside my app, I use $http post requests because on server side all PHP services accept only post request. 
在我的应用程序中,我使用$ http post请求,因为在服务器端,所有PHP服务只接受post请求。 PHP web services are located in godaddy. PHP网络服务位于godaddy。
After some consecutive $http post requests(usually after 10-20 request), I start to get ERR_EMPTY_RESPONSE from server. 经过一些连续的$ http post请求(通常在10-20请求之后),我开始从服务器获取ERR_EMPTY_RESPONSE。 I did some research and found that this is because a security issue from server to prevent attacks. 我做了一些研究,发现这是因为服务器出现安全问题以防止攻击。 Apache server's mod_sec setting causes this problem but I don't have permissions to override it. Apache服务器的mod_sec设置导致此问题,但我没有权限覆盖它。
I decided to test, if this issue is specifically caused by POST requests. 我决定测试,如果这个问题是由POST请求专门引起的。 so I wrote a simple PHP file and AngularJS test script. 所以我写了一个简单的PHP文件和AngularJS测试脚本。 If I use GET request I don't get any ERR_EMPTY_RESPONSE errors. 如果我使用GET请求,我不会收到任何ERR_EMPTY_RESPONSE错误。 Are there any $http POST settings on client side AngularJS or any Apache server setting which I can place in .htaccess file, so server doesn't block POST requests? 在客户端AngularJS或任何Apache服务器设置上是否有任何$ http POST设置我可以放在.htaccess文件中,所以服务器不会阻止POST请求?
PHP script: PHP脚本:
<?php
echo json_encode(array("item"=>"dummy test service."));
?>
AngularJS script: AngularJS脚本:
var success_count = 0;
var method = 'GET'; //try 'POST' and you will get ERR_EMPTY_RESPONSE
stop = $interval(function() {
$http({
method : method,
url : 'test.php'
}).then(function successCallback(response) {
console.log(success_count);
success_count++;
}, function errorCallback(response) {
console.log("error after "+success_count+" successful request.");
success_count = 0;
});
}, 200);
1 个解决方案
解决方案1
0 2016-05-12 10:33:35
This is because of cross-domain request policy. 这是因为跨域请求策略。 If you want to restrict scripts from other pages that are not on the same domain this will help in doing that. 如果要限制来自不在同一域中的其他页面的脚本,这将有助于这样做。 But what happens in the case of API's, how are they giving permission to accept request from some other pages?. 但是在API的情况下会发生什么,他们如何允许接受来自其他页面的请求? So to do this they use Access-control-OPTIONS and in your particular case Access-Control-Allow-Methods must have been set to just GET method. 为此,他们使用Access-control-OPTIONS,在您的特定情况下,Access-Control-Allow-Methods必须设置为GET方法。 So its basically accepting only GET request. 所以它基本上只接受GET请求。
However if you want to specifically use POST request use CURL(with PHP or some other server side language) which can by pass same-origin policy ,and can send & receive data through POST request. 但是,如果您想要专门使用POST请求,请使用CURL(使用PHP或其他服务器端语言),它可以通过同源策略,并可以通过POST请求发送和接收数据。 You can have additional information about CURL here 您可以在此处获得有关CURL的其他信息
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.