if(options.proxy){
xmlHttp.withCredentials =true;
xmlHttp.setRequestHeader("Proxy-Authorization","Basic bGlhbmcud2FuZzo4ZCFnV3hMMA==");
}
需要注意的是requestHeader的value是 "Basic " +Base64.encode(username:password);
但不知道为什么需要
xmlHttp.withCredentials =true;
而且根据w3c的说法;
For security reasons, these steps should be terminated if header is an ASCII case-insensitive match for one of the following headers:
Accept-Charset
Accept-Encoding
Connection
Content-Length
Cookie
Cookie2
Content-Transfer-Encoding
Date
Expect
Host
Keep-Alive
Referer
TE
Trailer
Transfer-Encoding
Upgrade
User-Agent
Via
… or if the start of header is an ASCII case-insensitive match for Proxy- or Sec- (including when header is just Proxy- or Sec-).
Note: The above headers are not allowed to be set as they are better controlled by the user agent as it knows best what value they should have. Header names starting with Sec- are not allowed to be set to allow new headers to be minted in the future that are guaranteed not to come from XMLHttpRequest. (Older clients would however still be vulnerable as they allow such headers to be set.但是我这样设置后确实好使了,407就不出现了,不知道该信谁的。
btw:为什么我的Ajax请求返回的status永远是0,返回值“”/null,而我把xmlhttp.url对应的值复制到地址栏回车就好使,能返回。高手解答下
扫一扫
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
