Access denied in IE 10 and 11 when ajax target is localhost

与世无争的帅哥 提交于 2019-11-26 04:47:06

问题


I\'m trying to do a ajax call between a server (http) that is on internet. And target that to my own localhost. FF/Chrome/ ETC... works. It\'s ONLY an IE issue. IM USING IE 11 AND 10.

The request is don\'t even done. The \"denied access\" is thrown instantly.

This is the code. Just for you to see.

Is not the classical HTTP/HTTPS error in IE8 AND IE9. This is something else, but the documentation is not helpful.

$jq.ajax({
            contentType: \'application/json\',
            url: url,
            dataType: \'json\',
            crossDomain: true,
            beforeSend: function (xhr) {
                xhr.withCredentials = true; 
                xhr.setRequestHeader(\"Authorization\", \"Basic \" + $jq.base64.encode(username and password));
            },
            success: function (data, status, headers) {},
            error: function (xhr, status, error) {}

The status is 0 in xhr object and error is \"Denied access\"


回答1:


Internet Explorer raises this error as part of its security zones feature. Using default security settings, an "Access is Denied" error is raised when attempting to access a resource in the "Local intranet" zone from an origin in the "Internet" zone.

If you were writing your Ajax code manually, Internet Explorer would raise an error when you try to open the resource. For example:

var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://localhost/', true); // This line will trigger an error
xhr.send();

You can work around this error by adding the origin site to the "Trusted sites" security zone. You can test this by adding "http://client.cors-api.appspot.com" to your "Trusted sites" zone and using this test page at test-cors.org with your localhost site as the Remote URL.




回答2:


In addition to the trusted site requirement I found that the problem was not fixed until I used the same protocol for the request as my origin, e.g. my test site was hosted on a https but failed with any destination using http (without the s).

This only applies to IE, Chrome just politely logs a warning in the debug console and doesn't fail.




回答3:


If you are attempting to make cross-origin ajax requests in IE9, you'll need to use XDomainRequest instead of XMLHttpRequest. There is a jQuery plug-in that wraps XDR. You should be aware that there are some notable limitations of XDR.

Another option would be to use a library like this: https://github.com/jpillora/xdomain.




回答4:


jQuery implements ajax calls using the XMLHttpRequest object which is not supported in IE9. You have to force it to use XDomainRequest instead.

I get around this problem using this jQuery plugin:

https://github.com/MoonScript/jQuery-ajaxTransport-XDomainRequest




回答5:


Note:

Do not use "http://www.domain.xxx" or "http://localhost/" or "IP" for URL in Ajax. Only use path(directory) and page name without address.

false state:

var AJAXobj = createAjax();
AJAXobj.onreadystatechange = handlesAJAXcheck;
AJAXobj.open('POST', 'http://www.example.com/dir/getSecurityCode.php', true);
AJAXobj.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
AJAXobj.send(pack);

true state:

var AJAXobj = createAjax();
AJAXobj.onreadystatechange = handlesAJAXcheck;
AJAXobj.open('POST', 'dir/getSecurityCode.php', true);   // <<--- note
AJAXobj.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
AJAXobj.send(pack);



function createAjax()
{
    var ajaxHttp = null;
    try
    {
        if(typeof ActiveXObject == 'function')
            ajaxHttp = new ActiveXObject("Microsoft.XMLHTTP");
        else 
        if(window.XMLHttpRequest)
            ajaxHttp = new XMLHttpRequest();
    }
    catch(e)
    {
        alert(e.message);
        return null;
    }
    //-------------
    return ajaxHttp;
};


来源:https://stackoverflow.com/questions/22098259/access-denied-in-ie-10-and-11-when-ajax-target-is-localhost

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!