我不知道故障发生在哪里,这是jQuery问题还是Compojure问题还是什么。
我想发出这个跨域请求:
function signup() {
var signup_username = $('#signup_username').val();
var signup_password_1 = $('#signup_password_1').val();
var signup_password_2 = $('#signup_password_2').val();
$.ajax({
type: "POST",
contentType: "application/json",
url: "http://localhost:40000/signup",
data:
JSON.stringify({
"signup_username": signup_username,
"signup_password_1": signup_password_1,
"signup_password_2": signup_password_2
}),
complete: function (data) { console.log(data); alert("Done. Look at the console.log to see the results."); },
success: function (data) { console.log(data); },
error: function (data) { console.log(data); },
dataType: "json"
});
}
我在服务器上写了一个小的Clojure应用,使用嵌入式Jetty作为服务器。我这样定义我的Compojure路由:
(defroutes app-routes
(GET "/" request (login-form request))
(POST "/" request (login request))
(OPTIONS "/" request (preflight request))
(GET "/signup" request (signup-form request))
(POST "/signup" request (signup request))
(OPTIONS "/signup" request (preflight request))
(route/resources "/")
(route/not-found "Page not found. Check the http verb that you used (GET, POST, PUT, DELETE) and make sure you put a collection name in the URL, and possibly also a document ID."))
我正在本地机器上进行测试,但我想测试跨域,所以我在2个不同的端口上启动相同的应用程序:34001和40000。我将FireFox指向34001,然后Javascript应该跨域调用40000。
首先,我用CURL测试:
curl -X OPTIONS --verbose http://localhost:40000/signup
给我:
* About to connect() to localhost port 40000 (#0)
* Trying ::1... connected
* Connected to localhost (::1) port 40000 (#0)
> OPTIONS /signup HTTP/1.1
> User-Agent: curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8x zlib/1.2.5
> Host: localhost:40000
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Sun, 13 Jul 2014 20:43:43 GMT
< Access-Control-Allow-Origin: localhost:40000
< Access-Control-Allow-Methods: PUT, DELETE, POST, GET, OPTIONS, XMODIFY
< Access-Control-Max-Age: 2520
< Access-Control-Allow-Credentials: true
< Access-Control-Request-Headers: x-requested-with, content-type, origin, accept
< Access-Control-Allow-Headers: x-requested-with, content-type, origin, accept
< Content-Type: application/json;charset=ISO-8859-1
< Content-Length: 12
< Server: Jetty(7.x.y-SNAPSHOT)
<
* Connection #0 to host localhost left intact
* Closing connection #0
所以我看到了我期望看到的大部分标题。
现在我用FireFox测试它,并启用了Firebug。Firebug不显示任何预飞行选项请求,而只是看到错误:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:40000/signup. This can be fixed by moving the resource to the same domain or enabling CORS.
奇怪。我想知道FireFox是否正在发出飞行前选项请求。所以我打开Charles http://www.charlesproxy.com/
Charles向我展示了FireBug没有的活动。Charles给我看了这个请求:
OPTIONS /signup HTTP/1.1
Host: localhost:40000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:30.0) Gecko/20100101 Firefox/30.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://localhost:34001
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
, Charles给我看了这个回应:
HTTP/1.1 200 OK
Date: Sun, 13 Jul 2014 20:35:27 GMT
Access-Control-Allow-Origin: http://localhost:34001
Access-Control-Allow-Methods: DELETE, GET, POST, PUT
Content-Type: application/octet-stream;charset=ISO-8859-1
Content-Length: 18
Server: Jetty(7.x.y-SNAPSHOT)
preflight complete
至少我面临的一个问题是,这种反应是从哪里来的?从上面的Compojure路由中可以看到,这个请求应该已经转到了"preflight"函数,我是这样定义的:
(defn preflight [request]
"2014-07-13 - this is meant to enable CORS so our frontenders can do cross-browser requests. The browser should do a 'preflight' OPTIONS request to get permission to do other requests."
(print " IN PREFLIGHT ")
(println " headers host is: " (str (get-in request [:headers "host"])))
(assoc
(ring.util.response/response "CORS enabled")
:headers {"Content-Type" "application/json"
"Access-Control-Allow-Origin" (str (get-in request [:headers "host"]))
"Access-Control-Allow-Methods" "PUT, DELETE, POST, GET, OPTIONS, XMODIFY"
"Access-Control-Max-Age" "2520"
"Access-Control-Allow-Credentials" "true"
"Access-Control-Request-Headers" "x-requested-with, content-type, origin, accept"
"Access-Control-Allow-Headers" "x-requested-with, content-type, origin, accept"}))
当我用CURL测试时,我可以看到这些头,但当我使用FireFox时却看不到。而且当我使用CURL时,我的printlin语句被打印到终端,而不是FireFox。
由于某些原因,来自FireFox的预飞行请求没有转到我的预飞行功能。事实上,我不知道它去了哪里。它得到的响应与我定义的任何路由都不匹配。
有人知道发生了什么事吗?我注意到这个家伙尽了最大的努力,并决定CORS是不可用的:
http://chstrongjavablog.blogspot.com/2013/04/enabling-cors-for-jetty.html 更新:这看起来很可疑:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
我怎么说"application/json"?
如何控制FireFox发出的预飞行请求?还是用jQuery来做?
而且,这个响应看起来非常有限:
Content-Type: application/octet-stream;charset=ISO-8859-1
同样,我不能弄清楚是什么导致了这个返回,所以我不能控制响应。
当我在Chrome中测试时,我得到这个错误:
XMLHttpRequest cannot load http://localhost:40000/signup. Request header field Content-Type is not allowed by Access-Control-Allow-Headers.
并且,再次,当我使用CURL测试时,我得到了正确的标头,然而不知何故,Chrome和FireFox要去一个我从未定义过的路由。
如果我这样做:
curl -X OPTIONS --verbose http://localhost:40000/signup
我得到这些响应头:
< HTTP/1.1 200 OK
< Date: Sun, 13 Jul 2014 22:45:00 GMT
< Access-Control-Allow-Origin: localhost:40000
< Access-Control-Allow-Methods: PUT, DELETE, POST, GET, OPTIONS, XMODIFY
< Access-Control-Max-Age: 2520
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Headers: x-requested-with, content-type, origin, accept
< Content-Type: application/json;charset=ISO-8859-1
< Content-Length: 12
< Server: Jetty(7.x.y-SNAPSHOT)
这包括Access-Control-Allow-Headers,它有"content-type"。但是在Chrome和FireFox中,浏览器都做了一个飞行前的OPTIONS调用,该调用获得的响应似乎不是来自我定义的任何路由。
如果我使用Charles网络调试器,我看到FireFox发送这些头:
OPTIONS /signup HTTP/1.1
Host: localhost:40000
Access-Control-Request-Method: POST
Origin: http://localhost:34001
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36
Access-Control-Request-Headers: accept, content-type
Accept: */*
Referer: http://localhost:34001/signup
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
并得到这个响应:
HTTP/1.1 200 OK
Date: Sun, 13 Jul 2014 22:42:58 GMT
Access-Control-Allow-Origin: http://localhost:34001
Access-Control-Allow-Methods: DELETE, GET, POST, PUT
Content-Type: application/octet-stream;charset=ISO-8859-1
Content-Length: 18
Server: Jetty(7.x.y-SNAPSHOT)
preflight complete
我不知道这种反应是从哪里来的。如果我在整个项目中这样做:
grep -iR "preflight complete" *
短语"飞行前完成"出现在哪里是我的代码。那么这种反应是从哪里来的呢?为什么FireFox和Chrome的结果和我用CURL打电话时的结果不一样呢?
更新:我终于找到答案了。我折腾了几个小时,试图让CORS工作,在许多其他实验中,我应用了这个中间件:
https://github.com/r0man/ring-cors,它覆盖了我发回的报头。我很好奇为什么这种覆盖只发生在Ajax请求而不是curl请求上。也许那是什么神奇的罗马人放进了戒指。无论哪种方式,我都删除了它,现在我看到了我发回的标题。
您将不得不处理两个请求,第一个是选项,第二个是帖子。幸运的是,有人已经编写了一个框架来简化这个过程(https://github.com/r0man/ring-cors)。
如果你决定使用ring-cors,那么你可以这样包装所有的路由:
(def app
(-> (handler/api app-routes)
(wrap-cors :access-control-allow-origin #"yoursite"
:access-control-allow-methods [:get :put :post]
:access-control-allow-headers ["Content-Type"])))