jQuery: Cross Domain AJAX Call Results in "Access to restricted URI denied" (Code 1012)

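What I am trying to do is have a page served over HTTP send an AJAX call to the same web server, but using HTTPS. The requesting page and the AJAX handler are both on the same server, with the same domain and port. (That is, the only difference is the protocol.)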

From http://www.example.com/index.php

Triggers a jQuery AJAX call to https://www.example.com/authenticate.php?user=123&password=456

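(I want to pass the password over HTTPS so that it is encrypted on the internet. Due to some design constraints, I have to use an AJAX call rather than redirecting the page.)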

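I know there is a CORS issue here, so I did some research and found that I can actually use the Access-Control-Allow-Origin header to help. I then set the following in my Apache configuration file: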

Header set Access-Control-Allow-Origin *
Header set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
Header set Access-Control-Allow-Headers "content-type, accept"
Header set Access-Control-Max-Age 1000

I can see the headers when the browser requests a resource from the server. Request:

Accept  */*
Accept-Encoding gzip, deflate
Accept-Language en-us,en;q=0.5
Authorization   Basic Y2FzZXRhZ3JhbWRldjpwYXNzd29yZGRldiE=
Cache-Control   no-cache
Connection  keep-alive
Cookie  __utma=99230732.2019724749.1337107099.1337849971.1337856946.9; __utmz=99230732.1337107099.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=217650581.954519005.1337107174.1337772401.1337777327.5; __utmz=217650581.1337107174.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmc=99230732; PHPSESSID=m8lnqhqv2qa6f884a8um413n81
Host    www.example.com
Pragma  no-cache
Referer http://www.example.com/index.php
User-Agent  Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20100101 Firefox/12.0

Response:

Accept-Ranges   bytes
Access-Control-Allow-Head...    content-type, accept
Access-Control-Allow-Meth...    GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Orig...    *
Access-Control-Max-Age  1000
Connection  close
Content-Length  16599
Content-Type    application/x-javascript
Date    Thu, 24 May 2012 14:48:17 GMT
Etag    "48157-40d7-4c0c938b220c0"
Last-Modified   Thu, 24 May 2012 14:39:39 GMT
Server  Apache/2.2.3 (CentOS)

It looks like the header part is done. (Am I right?)

When I try to call the following jQuery AJAX code in JavaScript,

$.ajax({
  // Use HTTPS as there is password transferred
  url : "https://www.example.com/authentication.php",
  type : "POST",
  dataType : "json",
  async : false,
  data : ajaxData,
  beforeSend : function(xhr, opt) {},
  error : function(error) {
    console.log("Ajax error: unable to login user: ");
    console.log(error);
  },
  success : function(status) {
    if(status==USER_AUTH_AUTHENTICATE_USER_SUCCESS) {
      console.log("User login succeeded!");
    } else {
      console.log("User login failed.");
    }
  }
});

the browser (Firefox 12) just returns an object:

readyState 0
status 0
statusText "[Exception... "Access to restricted URI denied" code: "1012" nsresult: "0x805303f4 (NS_ERROR_DOM_BAD_URI)" location: "http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.js Line: 8240"]"

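Is there something I have missed?

In fact, I have tried many suggestions from forums and blogs to get this working, but I still have had no success. I also tried using JSONP, which works on Firefox but fails on Chrome/Safari with no readable error message, just from the jQuery code "head.

If anyone can tell me what is wrong with my code/settings, I would be very grateful.

Thanks!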

Edited on 2012-05-25 20:29 (UTC +08:00)

As suggested, I read this reference case (http://stackoverflow.com/questions/5750696/how-to-get-a-cross-drive-resources-resources-shablication-cors-proform-project-works-from-plain-javastrict-but-why-non-with-jquery), and I found that it is related to this case (http://stackoverflow.com/questions/5584923/a-cors-production-works-from-plain-javarence-but-why-jquery).

var request = new XMLHttpRequest();
var params = "action=something";
request.open("POST", "https://www.example.com/controllers/Authentication.php", true);
request.onreadystatechange = function() {if (request.readyState==4) alert("It worked!");};
request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
request.setRequestHeader("Content-length", params.length);
request.setRequestHeader("Connection", "close");
request.send(params);

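The code is called from a page on the HTTP protocol. As soon as the code is executed, the following error is thrown immediately:

Access to restricted URI denied ... trest_xhr.php Line 11

(If I change HTTPS to HTTP in the JavaScript, the script works immediately, so there should not be any syntax problem.)

The request and response headers are as follows.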

Accept  text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language en-us,en;q=0.5
Authorization   Basic Y2FzZXRhZ3JhbWRldjpwYXNzd29yZGRldiE=
Cache-Control   no-cache
Connection  keep-alive
Cookie  __utma=99230732.2019724749.1337107099.1337856946.1337921578.10; __utmz=99230732.1337107099.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=217650581.954519005.1337107174.1337772401.1337777327.5; __utmz=217650581.1337107174.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmc=99230732; PHPSESSID=ktd6anojfi40ohemlujosdmhi4
Host    www.example.com
Pragma  no-cache
User-Agent  Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20100101 Firefox/12.0

Response:

Access-Control-Allow-Head...    content-type, accept
Access-Control-Allow-Meth...    GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Orig...    *
Access-Control-Max-Age  1000
Connection  close
Content-Length  590
Content-Type    text/html; charset=UTF-8
Date    Fri, 25 May 2012 12:24:44 GMT
Server  Apache/2.2.3 (CentOS)
X-Powered-By    PHP/5.1.6

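So it is not jQuery, because native XHR does not work either.

Answers

You have two problems:

1) Access-Control-Allow-Origin "*" does not work with authenticated calls; instead use "Access-Control-Allow-Origin" or the Origin header field.

2) You need Access-Control-Allow-Credentials: true in the response.

Something else that helps: set the Authorization header manually, combining the name and password with base64. This is the most certain way to make it work. Its advantage is also its drawback: setting the Authorization header manually triggers the CORS-based OPTIONS header handshake. (All of your requests are preceded by an OPTIONS request, which you must also handle.) This request appears to be implemented consistently across all modern browsers (IE9 is of course an exception, while IE10 is alleged to work).

HTH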
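Added example (not part of the original answer): the server-side decision the answer describes, returning the exact allow-listed origin plus Access-Control-Allow-Credentials instead of "*", and answering the OPTIONS preflight that a hand-set Authorization header triggers. The names corsDecision and ALLOWED_* are hypothetical, the allow-list holds the HTTP origin from the question, and the sample requests are constructed.

```javascript
// Added example, not from the original answer. ALLOWED_* and corsDecision()
// are hypothetical names; the origin is the HTTP page from the question.
const ALLOWED_ORIGINS = new Set(["http://www.example.com"]);
const ALLOWED_METHODS = ["GET", "POST", "OPTIONS"];
const ALLOWED_HEADERS = ["content-type", "accept", "authorization"];

// req: { method, headers } with lower-cased header names.
// Returns { allowed, preflight, headers }: the CORS headers to add to the reply.
function corsDecision(req) {
  const origin = req.headers["origin"];
  const denied = { allowed: false, preflight: false, headers: {} };
  // No "*" with credentials, and no echoing of origins off the allow-list.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return denied;

  const headers = {
    "Access-Control-Allow-Origin": origin, // the exact origin, never "*"
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin", // caches must not reuse this reply for another origin
  };
  const wantedMethod = req.headers["access-control-request-method"];
  if (req.method !== "OPTIONS" || !wantedMethod) {
    return { allowed: true, preflight: false, headers }; // the actual request
  }
  // Preflight: the browser sends this first when Authorization is set by hand.
  const wantedHeaders = (req.headers["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  const ok = ALLOWED_METHODS.includes(wantedMethod) &&
    wantedHeaders.every((h) => ALLOWED_HEADERS.includes(h));
  if (!ok) return { ...denied, preflight: true };
  headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
  headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
  headers["Access-Control-Max-Age"] = "1000";
  return { allowed: true, preflight: true, headers };
}

// Constructed sample requests (not captured traffic).
const preflight = { method: "OPTIONS", headers: {
  "origin": "http://www.example.com",
  "access-control-request-method": "POST",
  "access-control-request-headers": "authorization, content-type" } };
const foreign = { method: "POST", headers: { "origin": "http://other.example" } };
console.log(corsDecision(preflight));
console.log(corsDecision(foreign).allowed);
```

On the client side, jQuery only sends cookies on a cross-origin call when the request sets xhrFields: { withCredentials: true }.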




