【发布时间】:2014-09-03 19:22:13
【问题描述】:
我不知道故障发生在哪里,这是 jQuery 问题还是 Compojure 问题或什么。
我想做这个跨域请求:
function signup() {
var signup_username = $('#signup_username').val();
var signup_password_1 = $('#signup_password_1').val();
var signup_password_2 = $('#signup_password_2').val();
$.ajax({
type: "POST",
contentType: "application/json",
url: "http://localhost:40000/signup",
data:
JSON.stringify({
"signup_username": signup_username,
"signup_password_1": signup_password_1,
"signup_password_2": signup_password_2
}),
complete: function (data) { console.log(data); alert("Done. Look at the console.log to see the results."); },
success: function (data) { console.log(data); },
error: function (data) { console.log(data); },
dataType: "json"
});
}
我在服务器上编写了一个小型 Clojure 应用程序,使用嵌入式 Jetty 作为服务器。我这样定义我的 Compojure 路由:
(defroutes app-routes
(GET "/" request (login-form request))
(POST "/" request (login request))
(OPTIONS "/" request (preflight request))
(GET "/signup" request (signup-form request))
(POST "/signup" request (signup request))
(OPTIONS "/signup" request (preflight request))
(route/resources "/")
(route/not-found "Page not found. Check the http verb that you used (GET, POST, PUT, DELETE) and make sure you put a collection name in the URL, and possibly also a document ID."))
我在我的本地机器上测试,但我想测试跨域,所以我在 2 个不同的端口上启动同一个应用程序:34001 和 40000。我将 FireFox 指向 34001,然后 Javascript 应该交叉- 域调用 40000。
首先,我用 CURL 进行测试:
curl -X OPTIONS --verbose http://localhost:40000/signup
给我:
* About to connect() to localhost port 40000 (#0)
* Trying ::1... connected
* Connected to localhost (::1) port 40000 (#0)
> OPTIONS /signup HTTP/1.1
> User-Agent: curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8x zlib/1.2.5
> Host: localhost:40000
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Sun, 13 Jul 2014 20:43:43 GMT
< Access-Control-Allow-Origin: localhost:40000
< Access-Control-Allow-Methods: PUT, DELETE, POST, GET, OPTIONS, XMODIFY
< Access-Control-Max-Age: 2520
< Access-Control-Allow-Credentials: true
< Access-Control-Request-Headers: x-requested-with, content-type, origin, accept
< Access-Control-Allow-Headers: x-requested-with, content-type, origin, accept
< Content-Type: application/json;charset=ISO-8859-1
< Content-Length: 12
< Server: Jetty(7.x.y-SNAPSHOT)
<
* Connection #0 to host localhost left intact
* Closing connection #0
所以我看到了大部分我希望看到的标题。
现在我用 FireFox 测试它,并启用 Firebug。 Firebug 没有显示任何预检 OPTIONS 请求,而是我只看到错误:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:40000/signup. This can be fixed by moving the resource to the same domain or enabling CORS.
奇怪。我不得不怀疑 FireFox 是否正在发出预检 OPTIONS 请求。所以我启动了 Charles http://www.charlesproxy.com/
Charles 向我展示了 FireBug 没有的活动。查尔斯向我展示了这个请求:
OPTIONS /signup HTTP/1.1
Host: localhost:40000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:30.0) Gecko/20100101 Firefox/30.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://localhost:34001
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Charles 给我看了这个回复:
HTTP/1.1 200 OK
Date: Sun, 13 Jul 2014 20:35:27 GMT
Access-Control-Allow-Origin: http://localhost:34001
Access-Control-Allow-Methods: DELETE, GET, POST, PUT
Content-Type: application/octet-stream;charset=ISO-8859-1
Content-Length: 18
Server: Jetty(7.x.y-SNAPSHOT)
preflight complete
至少我面临的一个问题是,这个响应是从哪里来的?从我上面的 Compojure 路由中可以看出,这个请求应该已经发送到“preflight”函数,我是这样定义的:
(defn preflight [request]
"2014-07-13 - this is meant to enable CORS so our frontenders can do cross-browser requests. The browser should do a 'preflight' OPTIONS request to get permission to do other requests."
(print " IN PREFLIGHT ")
(println " headers host is: " (str (get-in request [:headers "host"])))
(assoc
(ring.util.response/response "CORS enabled")
:headers {"Content-Type" "application/json"
"Access-Control-Allow-Origin" (str (get-in request [:headers "host"]))
"Access-Control-Allow-Methods" "PUT, DELETE, POST, GET, OPTIONS, XMODIFY"
"Access-Control-Max-Age" "2520"
"Access-Control-Allow-Credentials" "true"
"Access-Control-Request-Headers" "x-requested-with, content-type, origin, accept"
"Access-Control-Allow-Headers" "x-requested-with, content-type, origin, accept"}))
当我使用 CURL 进行测试时,我可以看到这些标头,但在使用 FireFox 时看不到。当我使用 CURL 而不是 FireFox 时,我的 printlin 语句也会打印到终端。
由于某种原因,来自 FireFox 的预检请求没有转到我的预检功能。实际上,我无法弄清楚它的去向。它得到的响应与我定义的任何路由都不匹配。
有人知道发生了什么吗?
我注意到这家伙尽了最大的努力,并认为 CORS 无法使用:
http://chstrongjavablog.blogspot.com/2013/04/enabling-cors-for-jetty.html
更新:
这看起来很可疑:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
“应用程序/json”怎么说?
如何控制 FireFox 发出的预检请求?还是 jQuery 做的?
此外,此响应看起来非常有限:
Content-Type: application/octet-stream;charset=ISO-8859-1
同样,我无法弄清楚导致此返回的原因,因此我对响应没有太多控制权。
当我在 Chrome 中测试时,我收到了这个错误:
XMLHttpRequest cannot load http://localhost:40000/signup. Request header field Content-Type is not allowed by Access-Control-Allow-Headers.
再一次,当我使用 CURL 进行测试时,我得到了正确的标头,但不知何故 Chrome 和 FireFox 会转到我从未定义过的路由。
如果我这样做:
curl -X OPTIONS --verbose http://localhost:40000/signup
我收到这些响应标题:
< HTTP/1.1 200 OK
< Date: Sun, 13 Jul 2014 22:45:00 GMT
< Access-Control-Allow-Origin: localhost:40000
< Access-Control-Allow-Methods: PUT, DELETE, POST, GET, OPTIONS, XMODIFY
< Access-Control-Max-Age: 2520
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Headers: x-requested-with, content-type, origin, accept
< Content-Type: application/json;charset=ISO-8859-1
< Content-Length: 12
< Server: Jetty(7.x.y-SNAPSHOT)
这包括具有“内容类型”的 Access-Control-Allow-Headers。但是在 Chrome 和 FireFox 中,浏览器都会进行预检 OPTIONS 调用,该调用得到的响应似乎不是来自我定义的任何路由。
如果我使用 Charles 网络调试器,我会看到 FireFox 发送这些标头:
OPTIONS /signup HTTP/1.1
Host: localhost:40000
Access-Control-Request-Method: POST
Origin: http://localhost:34001
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36
Access-Control-Request-Headers: accept, content-type
Accept: */*
Referer: http://localhost:34001/signup
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
并得到这个响应:
HTTP/1.1 200 OK
Date: Sun, 13 Jul 2014 22:42:58 GMT
Access-Control-Allow-Origin: http://localhost:34001
Access-Control-Allow-Methods: DELETE, GET, POST, PUT
Content-Type: application/octet-stream;charset=ISO-8859-1
Content-Length: 18
Server: Jetty(7.x.y-SNAPSHOT)
preflight complete
我不知道该响应来自何处。如果我在整个项目中这样做:
grep -iR "preflight complete" *
“预检完成”这句话没有出现在我的代码在哪里。那么这个回应是从哪里来的呢?为什么 FireFox 和 Chrome 与我在 CURL 中调用时的路径不同?
更新:我终于找到了答案。
我折腾了几个小时,试图让 CORS 工作,在许多其他实验中,我应用了这个中间件:
https://github.com/r0man/ring-cors
这覆盖了我发回的标题。我很好奇为什么这种覆盖只发生在 Ajax 请求而不是 curl 请求上。也许那是一些魔术 r0man 放入 ring-cors 中。无论哪种方式,我都删除了它,现在我看到了我要发回的标题。
【问题讨论】:
标签: jquery clojure cors embedded-jetty compojure