gpt4 book ai didi

javascript - 从 HTTP 到 HTTPS 的跨域请求立即中止

转载 作者:行者123 更新时间:2023-12-02 22:37:00 25 4
gpt4 key购买 nike

我正在尝试从 HTTP 页面向 HTTPS 服务进行跨域 Web 服务调用。

我已经在服务器上设置了正确的 CORS header (它适用于 HTTP-HTTP 和 HTTPS-HTTPS)。

如果我将请求更改为 JSONp,它就会起作用。

我在 Chrome 和 Firefox 中看到的是 HTTPS 请求从未发送,它立即中止,并且服务器永远不会看到该请求。

值得注意的是,预检 OPTIONS 请求已中止(并且未到达服务器)。

我找不到任何来源来解释这确实是不可能的(HTTP 到 HTTPS),而且更好的是:解释原因。我可以理解 HTTPS 到 HTTP 是不安全的,但反过来应该没问题吧?对我来说这似乎很愚蠢,因为 JSONp 可以工作(但很困惑)。

注释

我还将 withCredentials 设置为 true,并且我正在发送一些自定义 header 和自定义 Content-Type:application/json

我正在使用常规 XMLHTTPRequest,并回退到 IE 的 JSONp<=9

最佳答案

好吧,我明白了。我用于 HTTPS 域的证书是自签名且未经验证的。将其添加到受信任的第三方机构列表中为我解决了这个问题。

您可以通过 IE 在 Windows 7 中安装证书。这对我有用: http://productforums.google.com/forum/#!topic/chrome/bds-Ao9LigA%5B1-25%5D发布者:zacharysyoung 2009 年 2 月 11 日确保您以管理员身份运行 IE(9),否则即使它说安装正确,安装也会失败。

  1. Open Internet Explorer (IE) and navigate to the site hosting the self-signed certificate.
  2. IE should display a page warning that, 'There is a problem with this web site's security certificate.'
  3. Click the, 'Continue to this website (not recommended)' link.
  4. Once the page has loaded, look to the right of the address bar. A red/pink button, labeled 'Certificate Error,' should be visible. Click that button.
  5. A pop-up, titled 'Untrusted Certificate,' will appear. Click the 'View certificates' link at the bottom of the pop-up.
  6. Another pop-up, titled 'Certificate,' will appear. Click the 'Install Certificate...' button.
  7. The 'Certificate Import Wizard' will be started. Click the 'Next' button.
  8. ** For XP: a. Leave 'Automatically select the certificate...' option selected, and click the 'Next' button. ** For Vista: a. Choose 'Place all certificates in the following store' option, and click the 'Browse' button. b. Click the 'Show physica stores' checkbox. c. Expand the 'Third-Party Root Certification Authorities' folder, and choose 'Local Computer'. Click the 'OK' button. d. Click the 'Next' button.
  9. This should display the 'Completing the Certificate Import Wizard' dialog. Click the 'Finish' button.
  10. A 'Security Warning' pop-up will appear. The warning is informing you that the certificate's origin cannot actually be validated. You should know where the certificate is coming from. If you do, click the 'Yes' button to install the certificate.
  11. A final pop-up informing you that, 'The import was successful,' will be displayed. Click the 'OK' button.
  12. Restart/Open Chrome and navigate to the site in question. You should not be greeted by the security warning page.

除此之外,我想我可能发现了 Chrome 中的一个错误。看: https://code.google.com/p/chromium/issues/detail?id=141839

关于javascript - 从 HTTP 到 HTTPS 的跨域请求立即中止,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/11690191/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com