大家好,我在本地主机上有一个 xwiki,出于测试目的,我想通过编写一些简单的 jquery 脚本来测试 RESTful api:
<script type="text/javascript">
var username = "Admin";
var password ="admin";
function make_base_auth(user, password)
{
var tok = user + ':' + password;
var hash = btoa(tok);
alert(hash);
return "Basic " + hash;
}
var url = "http://localhost:8080/xwiki/rest/wikis/query?q=object:XWiki.XWikiUsers";
var returnData = "";
$.ajax({
type: "GET",
dataType: "xml",
crossDomain: true,
async: true,
url: url,
headers: {"authorization": make_base_auth(username, password), "Access-Control-Allow-Origin": "*" },
error: function(request, status, error)
{
alert(error)
},
success: function(data)
{
alert("success");
}
});
</script>
我得到的错误是:
XMLHttpRequest cannot load http://localhost:8080/xwiki/rest/wikis/query?q=object:XWiki.XWikiUsers. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.
但是尝试与 postman 一起我得到了正确的结果...我错过了一些东西? 谢谢
最佳答案
默认配置下XWiki不允许CORS;您需要在 web.xml 中启用它
允许使用 authentication 发送身份验证数据 header ,编辑文件 web.xml 并在带有过滤器的部分中添加一个新过滤器:
<filter>
<filter-name>Set CORS headers very lenitent</filter-name>
<filter-class>org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter</filter-class>
<init-param>
<param-name>name</param-name>
<param-value>Access-Control-Allow-Headers</param-value>
</init-param>
<init-param>
<param-name>value</param-name>
<param-value>authorization</param-value>
</init-param>
</filter>
现在您需要激活过滤器;再往下看 filter-mapping添加您自己的:
<filter-mapping>
<filter-name>Set CORS headers very lenitent</filter-name>
<servlet-name>RestletServlet</servlet-name>
</filter-mapping>
(是的,如果您不喜欢过滤器名称,请使用不同的名称,只需在两个地方使用相同的名称即可。)
正如您在评论中所指出的,允许多个 HTTP header 的工作原理如下:
<filter>
<filter-name>Set CORS headers very lenitent</filter-name>
<filter-class>org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter</filter-class>
<init-param>
<param-name>name</param-name>
<param-value>Access-Control-Allow-Headers</param-value>
</init-param>
<init-param>
<param-name>value</param-name>
<param-value>authorization, content-type</param-value>
</init-param>
</filter>
(在这种情况下,允许 authorization header 和“非标准”Content-Type header )(旁注: header 不区分大小写: Are HTTP headers case-sensitive? )
此外,您还需要为 REST 请求允许 CORS;对于此搜索:
<!-- We set the CORS policy globally for webjars.
... longer comment ....
-->
<filter-mapping>
<filter-name>Set CORS policy for fonts</filter-name>
<servlet-name>resourceReferenceHandler</servlet-name>
<url-pattern>/webjars/*</url-pattern>
<url-pattern>*.woff</url-pattern>
<url-pattern>*.eot</url-pattern>
<url-pattern>*.ttf</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
编辑过滤器映射并添加一行 <servlet-name>RestletServlet</servlet-name>也为其余 servlet 激活此过滤器:
<filter-mapping>
<filter-name>Set CORS policy for fonts</filter-name>
<servlet-name>resourceReferenceHandler</servlet-name>
<servlet-name>RestletServlet</servlet-name>
<url-pattern>/webjars/*</url-pattern>
[...]
重新启动 servlet 容器后,AJAX 请求现在应该可以工作。
关于javascript - xwiki REST ajax调用错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/35457765/