在使用自签名证书的服务器上进行AJAX调用时,有时用户在未安装CA证书的情况下尝试访问应用,导致请求无声失败,特别是在Firefox中。尽管浏览器会在访问实际页面时显示证书警告,但AJAX请求的错误处理程序不会触发。问题的根源并非证书,而是JQuery库未正确加载,导致AJAX错误处理程序未运行。解决方案是确保用户在访问前已安装CA证书,并正确加载所有依赖库。
I want to make AJAX calls to a secure server that uses a self-signed certificate. In the environment where my app is being used, this is fine -- I can provide the CA cert to users and have them install it before using the app. However, sometimes, a user tries to visit the app before installing the certs. In these cases, the app silently fails -- at least in Firefox (most common case of the problem), it appears that the call silently dies, without even firing off the error handler. FWIW, if the user visits an actual page on the server, they get a cert warning.
I could hack in a workaround -- say, make a heartbeat/ping request and set up a watchdog timer to see if the server responds in time -- but that seems, well, hacky. I'd prefer to be able to test the connection ahead of time. What's the "right" way to make sure the server you want to talk to has a trusted cert from within Javascript? If it makes any difference, I'm doing my AJAX requests via JQuery.
UPDATE: There's an awesome punchline here. Turns out, AJAX was not the problem at all. I was sure based on the symptoms that it was related to the self-signed certs, but the lack of AJAX error was disturbing, esp. given the spec linked to in the answer below. Another team member nailed it: the AJAX error handlers weren't firing off because JQuery was never loaded! We were including JQuery from another subdomain of our site, also hosted on HTTPS -- and users had added exceptions for ourService.example.com but not js.example.com. Apparently if you point a tag at non-trusted secure connection, that fails silently as well.
{/headdesk}
2万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
