如何在HTML表单的GET方法中设置授权头。

huangapple go评论64阅读模式
英文:

How to set Authorization header in HTML form of method GET

问题

我想要将HTML表单提交到一个接受queryString中的表单数据以及授权标头的服务器。然后,服务器在数据和授权标头上执行一些计算后,将HTML文档发送回来。

限制

  1. 我不能使用像AJAX或fetch这样的JavaScript功能,因为表单提交会获得HTML响应,需要在浏览器上打开。
  2. 由于内部原因,表单也需要使用GET方法。

响应

收到的响应是一个包含JavaScript的HTML文档,其中包含sessionStorage.setItem('data', 'value'),它的作用范围是原始域。表单存在于parent.example.com原始域中,而接收到的HTML文档位于child.example.com原始域中。因此,我们必须像HTML表单重定向一样前往child.example.com页面。

英文:

I want to submit an HTML form to a server which accepts the form data in the queryString along with Authorization header. The server then sends back a HTML document after performing some computations on the data and the Authorization header.

Restrictions

  1. I cannot use JavaScript features like AJAX or fetch since the form submission gets a HTML response which needs to be opened on the browser.
  2. The form also needs to be of the method GET for internal reasons.

Response

The response received is a HTML document which has JavaScript in it which has sessionStorage.setItem('data', 'value') in it, which is scoped to the origin. The form exists in the parent.example.com origin, whrereas the received HTML document is in child.example.com origin. So, we Must go to the child.example.com page like a HTML form redirection.

答案1

得分: 3

以下是翻译好的部分:

  1. There is no way for client-side code to do this.

    • 客户端代码无法完成此操作。
  2. The closest you could come would be to have the server respond to the request with a 401 Unauthorized status and a WWW-Authenticate: Basic header which would cause the browser to prompt the user for credentials with its native UI and, after the user enters them, repeat the request with an added Authorization using the format of Basic Auth.

    • 最接近的方法是让服务器以401 Unauthorized状态和WWW-Authenticate: Basic标头回应请求,这将导致浏览器使用其本地用户界面提示用户输入凭据,用户输入后,使用Basic Auth格式添加Authorization并重复请求。
  3. As Phil mentions in the comments, it does sound like the URL you want to request simply isn't designed to be navigated to directly by a browser.

    • 正如Phil在评论中提到的,听起来你想请求的URL并不是设计成可以直接在浏览器中访问的。
  4. Rather than trying to work around that, you would probably be better off changing the authentication system to something else (such as cookies which are set in response to a submission from a traditional login form).

    • 与其试图绕过这个问题,你可能最好改变认证系统,采用其他方式(比如在传统登录表单的响应中设置的Cookie)。
英文:

There is no way for client-side code to do this.

The closest you could come would be to have the server respond to the request with a 401 Unauthorized status and a WWW-Authenticate: Basic header which would cause the browser to prompt the user for credentials with its native UI and, after the user enters them, repeat the request with an added Authorization using the format of Basic Auth.


As Phil mentions in the comments, it does sound like the URL you want to request simply isn't designed to be navigated to directly by a browser.

Rather than trying to work around that, you would probably be better off changing the authentication system to something else (such as cookies which are set in response to a submission from a traditional login form)

huangapple
  • 本文由 发表于 2023年4月17日 15:42:53
  • 转载请务必保留本文链接:https://go.coder-hub.com/76032758.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定