问题
I know there are several questions related to this-- but I couldn't find my answer with them. Plus I wanted a bit more clarification.
I am running a rails app locally which makes a jsonp call to a sinatra application which is being used as an API.
When I put this URL in my browser I end up getting the correct response, yet when I make this call through jQuery using $.getJSON I get a forbidden 403 Error. I understand that the $.getJSON is making a jsonp request based on the url having callback=? parameter.
I'm trying to figure out what is causing the 403 Error. Is there some default configuration on the api application that is refusing the request because the script is being requested from an included script tag?
Right now the api request return json data. I assume it's my responsibility to look at the callback parameter and construct a response that actually calls the callback...
so if url was http://myapi.com?callback=blah, then I should be returning something like:
blah({foo: 'bar'})
But I don't know exactly what the 403 is all about. If it's the api server that is returning, then what is it trying to protect against?
here is an example of what the jsonp call looks like:
$.getJSON( 'http://myapi.com?callback=?', {biz: 'buzz'})
I see posts about setting headers for cross origin concerns-- but not sure why this is needed for jsonp request.
回答1:
You need to add jsonp support to your sinatra api application.
Here is one way of adding jsonp support to your sinatra app
Add rack-contrip gem to your Gemfile
gem 'rack-contrib'
Add following to your config.ru
require 'rack/contrib'
use Rack::JSONP
Restart your sinatra app and start testing jsop from javascript
来源:https://stackoverflow.com/questions/23013923/why-does-jsonp-call-return-forbidden-403-yet-url-can-be-accessed-in-a-browser