在 JavaScript 中设置请求标头
在使用 XMLHttpRequest 进行 AJAX 调用时,我似乎无法从 JavaScript 更改大多数请求标头.请注意,当必须在 Gecko 浏览器中的 request.open() 之后调用 request.setRequestHeader 时(请参阅 http://ajaxpatterns.org/Talk:XMLHttpRequest_Call).当我设置 Referer 时,它没有被设置(我查看了使用 Firebug 和 Tamper Data 发送的请求标头).当我设置 User-Agent 时,它完全搞砸了 AJAX 调用.但是,设置 Accept 和 Content-Type 确实有效.我们是否无法在 Firefox 3 中设置 Referer 和 User-Agent?
It seems that I am unable to change most request headers from JavaScript when making an AJAX call using XMLHttpRequest. Note that when request.setRequestHeader has to be called after request.open() in Gecko browsers (see http://ajaxpatterns.org/Talk:XMLHttpRequest_Call). When I set the Referer, it doesn't get set (I looked at the request headers sent using Firebug and Tamper Data). When I set User-Agent, it messed up the AJAX call completely. Setting Accept and Content-Type does work, however. Are we prevented from setting Referer and User-Agent in Firefox 3?
var request = new XMLHttpRequest();
var path="http://www.yahoo.com";
request.onreadystatechange=state_change;
request.open("GET", path, true);
request.setRequestHeader("Referer", "http://www.google.com");
//request.setRequestHeader("User-Agent", "Mozilla/5.0");
request.setRequestHeader("Accept","text/plain");
request.setRequestHeader("Content-Type","text/plain");
request.send(null);
function state_change()
{
if (request.readyState==4)
{// 4 = "loaded"
if (request.status==200)
{// 200 = OK
// ...our code here...
alert('ok');
}
else
{
alert("Problem retrieving XML data");
}
}
}
要点:
如果请求头有已经设置,那么新值必须连接到现有的使用 U+002C 逗号后跟的值一个 U+0020 SPACE 用于分离.
If the request header had already been set, then the new value MUST be concatenated to the existing value using a U+002C COMMA followed by a U+0020 SPACE for separation.
UA 可以给 User-Agent 头一个初始值,但必须允许作者向它附加值.
UAs MAY give the User-Agent header an initial value, but MUST allow authors to append values to it.
但是 - 在 jQuery 中搜索框架 XHR 后,它们不允许您更改 User-Agent 或 Referer 标头.最接近的事情:
However - After searching through the framework XHR in jQuery they don't allow you to change the User-Agent or Referer headers. The closest thing:
// Set header so the called script knows that it's an XMLHttpRequest
xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
我倾向于认为您想要做的是被 FF 中的安全策略拒绝 - 如果您想传递一些自定义的 Referer 类型标头,您总是可以这样做:>
I'm leaning towards the opinion that what you want to do is being denied by a security policy in FF - if you want to pass some custom Referer type header you could always do:
xhr.setRequestHeader('X-Alt-Referer', 'http://www.google.com');