jquery ajax https调用给出ERR_INSECURE_RESPONSE

jquery ajax https call gives ERR_INSECURE_RESPONSE


我正在尝试从 jQuery 向 node.js 进程发起 HTTPS CORS ajax 调用。然而,调用时 Chrome 会在控制台中报错:OPTIONS https://localhost/ net::ERR_INSECURE_RESPONSE。

我查看了一个类似的 Stack Overflow 问题"从 HTTP 到 HTTPS 的跨域请求立即中止"。按照其中的说法,只要导入我创建的自签名证书,就应该能够进行跨源 HTTPS ajax 调用。所以我把证书导入了 Chrome,并且可以在 Chrome"管理证书"的"授权机构"(Authorities)选项卡下看到该证书。但当我尝试 ajax 调用时,它仍然失败。

我就是这样制作私钥的:openssl genrsa -out domain.key 4096

现在证书:openssl req -x509 -sha512 -nodes -newkey rsa:4096 -keyout domain.key -out domain.crt

对于通用名称,我放置了计算机的IP地址,这样chrome就不会抱怨URL不匹配。

这是html页面。

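<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8">
    <title>BlackBox</title>
    <!-- NOTE(review): the Node server shown with this page only routes
         '/jquery-1.11.2.js', while this tag requests the .min.js file; the two
         names have to agree or the script request is never answered. -->
    <script src="jquery-1.11.2.min.js"></script>
    <script src="bootstrap-3.3.4-dist/js/bootstrap.min.js"></script>
    <script src="login.js"></script>
  </head>
  <body>
    <div class="container-fluid">
      <div class="row">
        <div class="col-md-4">
          <h2> Welcome to BlackBox</h2>
          <label for="username">username</label>
          <input type="text" name="username" id="username">
          <label for="password">password</label>
          <!-- type="password" keeps the value masked on screen; login.js still
               reads it through the same id. -->
          <input type="password" name="password" id="password">
          <input type="button" id="loginbtn" value="Login"/>
          <div class="container">
            <div class="row">
              <!-- login.js writes its status message into this element. -->
              <div class="out"></div>
            </div>
          </div>
        </div>
      </div>
    </div>
  </body>
</html>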

这是与html一起使用的javascript。

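 // login.js: wires the Login button to a JSON PUT against the HTTPS endpoint.
 $(document).ready(function() {
   // Element that shows validation and request errors to the user.
   var $out = $('.out');

   /**
    * Reads the username and password fields and sends them as a JSON body.
    * Shows a message instead of sending when either field is empty.
    */
   function clickLogin() {
     var username = $('#username').val();
     var password = $('#password').val();

     if (username === '' || password === '') {
       // .text() is enough here: the message is plain text, not markup.
       $out.text('Empty username or password');
       return;
     }

     $.ajax({
       type: 'PUT',
       // The host in this URL has to be a name the server certificate is
       // valid for. The question states the certificate was issued for the
       // machine's IP address, while this request goes to "localhost".
       // Current Chrome versions compare the host with the certificate's
       // subjectAltName entries rather than its common name.
       url: 'https://localhost/',
       contentType: 'application/json',
       data: JSON.stringify({
         username: username,
         password: password
       }),
       dataType: 'text'
     }).fail(function(jqXHR, textStatus) {
       // A rejected certificate or a failed preflight is reported to script
       // only as a generic failure; the detail stays in the browser console.
       $out.text('Login request failed: ' + textStatus);
     });
   }

   $('#loginbtn').click(clickLogin);
 });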

最后是 Node 进程,它同时提供 html 和 javascript 文件,并且应当接收 ajax 调用。

const fs = require("fs");
const http = require('http');
const https = require('https');
// Static assets are read once at startup and kept in memory as Buffers.
// The arrow wrapper keeps map()'s index argument away from readFileSync.
const [loginPage, loginPageJs, jquery, bootstrap] = [
  'login.html',
  'login.js',
  'jquery-1.11.2.js',
  'bootstrap-3.3.4-dist/js/bootstrap.min.js',
].map((assetPath) => fs.readFileSync(assetPath));

// TLS material for the HTTPS listener, read from the working directory.
// domain.key is the server's private key; NOTE(review): keep it out of
// version control and readable only by the account that runs this process.
const tlsKey = fs.readFileSync('domain.key');
const tlsCert = fs.readFileSync('domain.crt');
const options = { key: tlsKey, cert: tlsCert };
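// Plain-HTTP listener on port 80 whose only job is to redirect to HTTPS.
http.createServer(function(req, res) {
  // An absolute URL needs "//" after the scheme; the original value
  // 'https:192.168.1.58/' relied on browsers repairing it.
  // The host used here is the name the browser will check the server
  // certificate against once it follows the redirect.
  res.writeHead(301, {Location: 'https://192.168.1.58/'});
  res.end();
}).listen(80);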
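// Origins that may call "/" cross-origin. Both values are the hosts this
// example itself uses (the redirect target and the ajax URL).
const ALLOWED_ORIGINS = ['https://192.168.1.58', 'https://localhost'];

// Upper bound for the JSON login body; the value is chosen for this example.
const MAX_LOGIN_BODY_BYTES = 4096;

// HTTPS listener: serves the login page and its scripts, answers the CORS
// preflight for "/", and accepts the JSON login body sent with PUT.
https.createServer(options, function(req, res) {
  // The original referenced an undeclared `origin`, which throws on every
  // preflight. Echo the request's Origin only when it is on the allow-list.
  const origin = req.headers.origin;
  const corsHeaders = ALLOWED_ORIGINS.includes(origin)
    ? {'access-control-allow-origin': origin, 'vary': 'Origin'}
    : {};

  // Sends one in-memory asset with the given content type.
  function sendAsset(contentType, body) {
    res.writeHead(200, "OK", {'Content-Type': contentType});
    res.end(body);
  }

  if (req.method === 'GET' && req.url === '/') {
    sendAsset('text/html', loginPage);
  } else if (req.method === 'GET' && req.url === '/login.js') {
    sendAsset('application/javascript', loginPageJs);
  } else if (req.method === 'GET' && req.url === '/jquery-1.11.2.js') {
    // NOTE(review): login.html requests jquery-1.11.2.min.js; only the
    // non-minified name is routed here.
    sendAsset('application/javascript', jquery);
  } else if (req.method === 'GET' && req.url === '/bootstrap-3.3.4-dist/js/bootstrap.min.js') {
    // The stray spaces inside the original path meant this route never matched.
    sendAsset('application/javascript', bootstrap);
  } else if (req.method === "OPTIONS" && req.url === '/') {
    // A preflight carries no body: answer it and end the response, otherwise
    // the browser waits and the real request is never sent.
    res.writeHead(204, "No Content", Object.assign({
      "access-control-allow-methods": "GET, POST, PUT, DELETE, OPTIONS",
      "access-control-allow-headers": "content-type, accept",
      "access-control-max-age": 10,
      "content-length": 0
    }, corsHeaders));
    res.end();
  } else if (req.method === 'PUT' && req.url === '/') {
    // The login JSON arrives with the PUT, not with the preflight.
    const chunks = [];
    let received = 0;
    let rejected = false;

    req.on("data", function(chunk) {
      if (rejected) {
        return;
      }
      received += chunk.length;
      if (received > MAX_LOGIN_BODY_BYTES) {
        // Stop buffering once the cap is exceeded; the body is client-controlled.
        rejected = true;
        res.writeHead(413, "Payload Too Large", corsHeaders);
        res.end();
        return;
      }
      chunks.push(chunk);
    });

    req.on("end", function() {
      if (rejected) {
        return;
      }
      let obj;
      try {
        // Buffer.concat keeps multi-byte characters intact across chunks.
        obj = JSON.parse(Buffer.concat(chunks).toString('utf8'));
      } catch (err) {
        // Malformed JSON is a client error, not a reason to crash the process.
        res.writeHead(400, "Bad Request", corsHeaders);
        res.end();
        return;
      }
      if (obj !== null && typeof obj === 'object' &&
          Object.prototype.hasOwnProperty.call(obj, 'username') &&
          Object.prototype.hasOwnProperty.call(obj, 'password')) {
        console.log(obj.username);
        // The password is intentionally not written to the log.
      }
      res.writeHead(204, "No Content", corsHeaders);
      res.end();
    });
  } else {
    // Every request gets an answer; unmatched ones previously hung.
    res.writeHead(404, "Not Found");
    res.end();
  }
}).listen(443);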

最近我写了一个用于whois查找的应用程序,我也遇到了这个问题,但在检查了所有可能性后,它终于正常工作了。

这是一篇关于生成自签名证书的有用文章:

https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs

**代码中的注释会对您有所帮助**

index.js代码:

 /**
  * Asks the /check endpoint about one base name combined with every entry of
  * postFixesArray, then stores the two result lists it returns.
  *
  * @param {string} domainParsed - sent as the `domain` query value.
  */
 function checkAvailability(domainParsed) {
     var settings = {
         method : "GET",
         // Scheme, host and port must be the ones the HTTPS listener (and its
         // certificate) actually answer on: https, localhost, 55555.
         url : "https://localhost:55555/check",
         // NOTE(review): jQuery's setting for this is `contentType`; a
         // "Content-Type" key here does not appear to set a header. Confirm.
         "Content-Type" : "application/json",
         data : {domain : domainParsed , array : postFixesArray }
     };
     var pending = $.ajax(settings);

     pending.done(function(payload) {
         // Both targets are assigned without a declaration in this function;
         // presumably they are declared elsewhere in index.js.
         availableDomanisToShow = payload.availableDomains;
         registeredDomanisToShow = payload.registeredDomains;
     });
 }

server.js代码:

var bodyParser = require("body-parser") ;
var unirest = require('unirest');
var https = require('https');
var http = require('http');
var fs = require('fs');
var express = require('express');
// Express application handed to both createServer() calls further down.
var app = express();

// Module-scope result lists and counters: whatever code touches them shares
// them across all requests handled by this process.
var registeredDomains = [];
var availableDomains = [];
var counter = 0;
var i = 0;

// Request-body parsers: JSON for application/json, plus urlencoded forms
// with the extended parser enabled.
var jsonBodies = bodyParser.json({ type: 'application/json'});
app.use(jsonBodies);
var formBodies = bodyParser.urlencoded({ extended:true });
app.use(formBodies);
// Adds the cross-origin response headers to every response before routing.
// NOTE(review): "*" lets a page on any origin read this service's responses;
// list the expected origin instead if only the bundled page should call it.
app.use(function(req, res, next) {
    var corsHeaders = [
        ["Access-Control-Allow-Origin", "*"],
        ["Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept"]
    ];
    corsHeaders.forEach(function(pair) {
        res.header(pair[0], pair[1]);
    });
    next();
});
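// Upper bound on postfixes per request: each one triggers an outbound WHOIS
// call made with this server's API token. The value is chosen for this example.
var MAX_POSTFIXES = 20;

/**
 * /check: looks up `domain + postfix` for every postfix in the `array` query
 * parameter and answers with { registeredDomains, availableDomains }.
 *
 * All bookkeeping is local to the request, so concurrent requests cannot mix
 * their results or leave a shared counter half-way.
 */
app.use("/check",function(req,resp,next) {
    // The API token comes from the environment (variable name chosen here)
    // instead of being embedded in the source. The token that was previously
    // published in this file should be treated as exposed and replaced.
    var apiToken = process.env.JSONWHOIS_TOKEN;
    var baseName = req.query.domain;
    var postfixes = req.query.array;

    if (!apiToken) {
        console.error("JSONWHOIS_TOKEN is not set");
        resp.status(500).json({ "error" : "lookup service is not configured" });
        return;
    }

    // A single array value can arrive as a plain string instead of a list.
    if (typeof postfixes === "string") {
        postfixes = [postfixes];
    }

    // The query string is caller-controlled: require a non-empty string plus
    // a bounded list of strings before doing any outbound work.
    var inputOk = typeof baseName === "string" && baseName.length > 0 &&
        Array.isArray(postfixes) && postfixes.length <= MAX_POSTFIXES &&
        postfixes.every(function(p) { return typeof p === "string"; });
    if (!inputOk) {
        resp.status(400).json({ "error" : "expected domain and up to " + MAX_POSTFIXES + " array values" });
        return;
    }

    var registeredDomains = [];
    var availableDomains = [];
    var pending = postfixes.length;

    // Sends the collected lists; called exactly once per request.
    function finish() {
        resp.json( { "registeredDomains" : registeredDomains , "availableDomains" : availableDomains } );
    }

    // With nothing to look up, answer immediately instead of never answering.
    if (pending === 0) {
        finish();
        return;
    }

    postfixes.forEach(function(postfix) {
        checkAvailability(baseName + postfix, postfix);
    });

    // Performs one WHOIS lookup and files the postfix under the right list.
    function checkAvailability(domain,postfix) {
        unirest.get('https://jsonwhois.com/api/v1/whois').headers({
                'Accept': 'application/json',
                'Authorization': 'Token token=' + apiToken
            }).query({
                "domain" :  domain
            }).end(function(response) {
                // A failed lookup may come back without a body; treat that as
                // "not confirmed available" rather than throwing.
                var body = response && response.body;
                var available = Boolean(body) && body['available?'] === true;
                console.log(domain , available);
                if(available) {
                    availableDomains.push(postfix);
                }
                else  {
                    registeredDomains.push(postfix);
                }
                pending--;
                if(pending === 0) {
                    finish();
                }
       });
    }
});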

 // One Express app behind two listeners: TLS on 55555, plain HTTP on 8000.
 // key.pem is the private key for the certificate in cert.pem.
 // NOTE(review): the port-8000 listener serves the same routes without TLS.
 var httpsPort = 55555;
 var httpPort = 8000;
 var tlsOptions = {
  key: fs.readFileSync('key.pem'),
  cert: fs.readFileSync('cert.pem')
 };
 var httpsServer = https.createServer(tlsOptions, app);
 httpsServer.listen(httpsPort);
 var httpServer = http.createServer(app);
 httpServer.listen(httpPort);
 console.log("httpsServer are Listening on " + httpsPort);
 console.log("httpServer are Listening on " + httpPort);

为了测试/开发目的,您也可以禁用 Chromium 的 Web 安全检查

使用以下参数运行 chromium/google-chrome,将 user-data-dir 替换为您的 Chrome 配置目录;如果只需要一次性配置,则使用 /tmp

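# Development-only: starts a separate browser instance with the same-origin
# policy and mixed-content blocking switched off for that instance.
# A throwaway profile directory keeps the cookies and logins of the everyday
# profile out of it. A "~" in the middle of an argument is not expanded by the
# shell, so the directory is produced with mktemp instead.
# NOTE(review): neither flag appears to change certificate validation, which
# is what ERR_INSECURE_RESPONSE reports. Confirm before relying on this.
chromium-browser --allow-running-insecure-content --disable-web-security --user-data-dir="$(mktemp -d)"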