【发布时间】:2012-12-06 14:57:19
【问题描述】:
我正在尝试在 android 2.3.3 上发出跨域 GET 请求。我在服务器上使用 CORS 过滤器。我已经在 chrome、firefox、iphone 上对此进行了测试,并且效果很好。在 android 2.3.3 中,预检请求看起来不错,但 实际请求并未发送 Origin 标头。我可以很好地取回数据,但是 ajax 错误并显示状态 0。我尝试将其更改为 POST 请求并且有效!!!
这里是ajax代码:
...
$.ajax( {
beforeSend: function (xhr, settings) {
xhr.withCredentials = true;
xhr.setRequestHeader('Authorization', 'Bearer myoathtoken');
},
dataType: "json",
type: "GET",
url: getMyUrl() + '/data.json',
success: function(data) {
alert("It works");
}
});
这是获取的结果(不起作用)
OPTIONS http://test2.mydomain:9990/data.json HTTP/1.1
Host: test2.mydomain:9990
Accept-Encoding: gzip
Accept-Language: en-US
Access-Control-Request-Headers: Authorization, Accept
Cookie: mycookie=mycookieval
Accept-Charset: utf-8, iso-8859-1, utf-16, *;q=0.7
Referer: http://test.mydomain:9990/
User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.3; en-us; sdk Build/GRI34) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
Origin: http://test.mydomain:9990
Access-Control-Request-Method: GET
Accept: text/xml, text/html, application/xhtml+xml, image/png, text/plain, */*;q=0.8
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: http://test.mydomain:9990
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, POST
Access-Control-Allow-Headers: Authorization, X-Requested-With, Origin, Accept, Content-Type
Content-Length: 0
Date: Fri, 03 Feb 2012 21:29:05 GMT
GET http://test2.mydomain:9990/data.json HTTP/1.1
Host: test2.mydomain:9990
Accept-Encoding: gzip
Referer: http://test.mydomain:9990/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.3; en-us; sdk Build/GRI34) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
Cookie: mycookie=mycookieval
Authorization: Bearer oauthtoken
Accept: application/json, text/javascript, */*; q=0.01
Accept-Charset: utf-8, iso-8859-1, utf-16, *;q=0.7
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 03 Feb 2012 21:29:08 GMT
这是发送帖子的结果(作品)
OPTIONS http://test2.mydomain:9990/data.json HTTP/1.1
Host: test2.mydomain:9990
Accept-Encoding: gzip
Accept-Language: en-US
Access-Control-Request-Headers: Authorization, Accept
Cookie: mycookie=mycookieval
Accept-Charset: utf-8, iso-8859-1, utf-16, *;q=0.7
Referer: http://test.mydomain:9990/
User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.3; en-us; sdk Build/GRI34) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
Origin: http://test.mydomain:9990
Access-Control-Request-Method: POST
Accept: text/xml, text/html, application/xhtml+xml, image/png, text/plain, */*;q=0.8
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: http://test.mydomain:9990
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: OPTIONS, POST, HEAD, GET
Access-Control-Allow-Headers: Authorization, X-Requested-With, Origin, Accept, Content-Type
Content-Length: 0
Date: Fri, 03 Feb 2012 21:21:30 GMT
POST http://test2.mydomain:9990/data.json HTTP/1.1
Host: test2.mydomain:9990
Accept-Encoding: gzip
Accept-Language: en-US
Cookie: mycookie=mycookieval
Authorization: Bearer oauthtoken
Accept-Charset: utf-8, iso-8859-1, utf-16, *;q=0.7
Referer: http://test.mydomain:9990/
User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.3; en-us; sdk Build/GRI34) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
Origin: http://test.mydomain:9990
Accept: application/json, text/javascript, */*; q=0.01
Content-Length: 0
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: http://test.mydomain:9990
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 03 Feb 2012 21:21:32 GMT
我做了更多的测试,将授权标头排除在外,它与 GET 配合使用。不确定为什么授权标头会导致获取请求失败。有什么想法吗?
【问题讨论】:
-
我创建了一个简单的测试页面来测试 CORS 请求。您能否在 Android 中尝试您的请求并查看响应是什么:client.cors-api.appspot.com/…
-
感谢您的回复!向server.cors-api.appspot.com/server 发送 GET 请求? id=6058740&httpstatus=200&methods=GET&headers=Authorization ,带有自定义标头 触发 XHR 事件:loadstart 触发 XHR 事件:readystatechange 触发 XHR 事件:错误 XHR 状态:0 XHR 状态文本:
-
对于 android 2.2、2.3 和 3.x,我得到了相同的响应。值得一提的是,控制台日志在 3.x 中返回:E/browser (333):控制台:XMLHttpRequest 无法加载 server.cors-api.appspot.com/…。 Access-Control-Allow-Origin 不允许来源client.cors-api.appspot.com。空:1
-
此图表表明 CORS 支持应该适用于这些 Android 版本:caniuse.com/cors 尽管这可能是一个边缘案例错误。我正在使用 Android 4.0.3,它可以工作。也许您现在可以继续使用 POST 吗?
-
感谢您的浏览。是的,使用 post 是我最终可能会使用的一种解决方法。
标签: android ajax oauth oauth-2.0 cors