iOS Webapp as home button: Authentication Header sent with ajax stops working

I have a webapp that authenticates via a REST API, which responds with a userid and a session token that will be sent with future ajax requests as an Authorization Basic header for secured endpoints of the API. That works fine on every browser, including iOS Safari. On iOS (iPad), the problem comes when I use the apple-mobile-web-app-capable meta tag and add that application to the Home Screen: after the login, even if my Authorization header is there (I see it in the web inspector network request tab on my Mac), when the first secured call is sent I get the Safari Authentication Required popup asking me to enter my password.

The header is set via the ajaxSetup beforeSend property:

xhr.setRequestHeader("Authorization", "Basic " + base64Value)

Again, everything is fine on all browsers; the iOS Safari app and Home Button mode are OK, but when using the meta apple-mobile-web-app-capable, the authentication mechanism is broken.

I did search a lot and found no solution yet.

My problem is now solved. Ajax POST requests get cached on Safari iOS 6, and even if I clean the cache and cookies, the previously cached request will get stuck somewhere. I had a related problem on another ajax call, but we got around it by adding the no cache header in our REST interceptor, but for some reason the login call to our API was still using the cached response (old session token), but only in WEB CAPABLE mode. Adding a timestamp to the end of the LOGIN URL fixed that problem.

I still don't understand why a specific request would never get cleaned from the history/cookies in WEB CAPABLE MODE only...

I encountered this problem with GET requests. My solution was to add the cache: false flag to jQuery.ajax(), which adds an extra GET parameter with a timestamp to prevent caching. A similar trick can be used in your own code, if you do not use jQuery.

POST requests should never be cached. That would really be a bug in iOS.

jQuery.ajax docs: http://api.jquery.com/jquery.ajax/
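
The timestamp trick from the answers above, written without jQuery, as an added example that is not part of the original posts. `withCacheBuster` appends the same `_` parameter that jQuery's `cache: false` uses, and `forbidsStorage` checks that a login response carrying a session token is marked `Cache-Control: no-store`; the function names, the `no-store` requirement and the sample values are assumptions made for illustration.

```javascript
// Added example; function names and sample values are constructed.

// Append (or refresh) a "_" timestamp parameter, the parameter name jQuery
// uses for cache: false, keeping any existing query string and #fragment.
function withCacheBuster(url, now = Date.now()) {
  const hashAt = url.indexOf("#");
  const fragment = hashAt === -1 ? "" : url.slice(hashAt);
  let base = hashAt === -1 ? url : url.slice(0, hashAt);
  // Drop an earlier "_" parameter so repeated calls do not pile up.
  base = base.replace(/([?&])_=[^&]*(&|$)/, (m, pre, post) => (post ? pre : ""));
  const sep = !base.includes("?") ? "?" : /[?&]$/.test(base) ? "" : "&";
  return base + sep + "_=" + encodeURIComponent(String(now)) + fragment;
}

// True when the response headers forbid storing the body. Assumption: a
// response that carries a session token should say "no-store"; "no-cache"
// alone still lets a cache keep the response and revalidate it later.
function forbidsStorage(headers) {
  const value = String(headers["cache-control"] || "").toLowerCase();
  const directives = value.split(",").map((d) => d.trim().split("=")[0]);
  return directives.includes("no-store");
}

// Constructed sample: a login URL and two possible response header sets.
const loginUrl = withCacheBuster("/api/login?client=ipad", 1700000000000);
console.log(loginUrl);
console.log(forbidsStorage({ "cache-control": "no-cache, no-store" }));
console.log(forbidsStorage({ "cache-control": "no-cache" }));
```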
