【问题标题】:What causes this ajax-upload javascript error?是什么导致了这个 ajax-upload javascript 错误?
【发布时间】:2016-08-09 21:40:23
【问题描述】:

我尝试以多部分形式上传带有AjaxSubmitLink 的文件。文件上传本身工作正常,但随后我在调试控制台中收到一个 javascript 错误:

ERROR: Cannot read Ajax response for multipart form submit: SecurityError: Blocked a frame with origin "http://localhost:8888" from accessing a cross-origin frame.
ERROR: Wicket.Ajax.Call.failure: Error while parsing response: No XML response in the IFrame document

是什么导致了这个异常? (我该如何解决?)

我的代码:

public class AddAttachmentPanel
    extends Panel
{
    private static final Logger LOG = LoggerFactory.getLogger( AddAttachmentPanel.class );

    @Inject
    IRemoteIssueService remoteIssueService;

    Form addAttachmentForm;

    FileUploadField fuf;

    public AddAttachmentPanel( String id, IModel<UiIssue> uiIssueModel )
    {
        super( id );
        this.setVisible( false );
        this.setOutputMarkupId( true );
        this.setOutputMarkupPlaceholderTag( true );

        this.addAttachmentForm = new Form<Void>( "addAttachmentForm" )
        {
            private static final long serialVersionUID = 3350671074490969089L;

            @Override
            protected void onError()
            {
                LOG.error( "Uh oh" );
            }

            @Override
            protected void onSubmit()
            {
                super.onSubmit();
                try
                {
                    File file = AddAttachmentPanel.this.fuf.getFileUpload().writeToTempFile();
                    LOG.info( "Wrote file:" + file.length() );
                }
                catch ( Exception e )
                {
                    // TODO Auto-generated catch block
                    e.printStackTrace();
                }

                uiIssueModel.detach();
                WicketSession.get().info( "Success!" );
            }
        };

        this.addAttachmentForm.setMultiPart( true );
        this.addAttachmentForm.setMaxSize( Bytes.megabytes( Settings.UPLOAD_MAX_MB ) );

        this.fuf = new FileUploadField( "fuf" );
        this.fuf.setRequired( true );

        this.addAttachmentForm.add( this.fuf );

        this.addAttachmentForm.add( new AjaxSubmitLink( "saveAttachmentLink", this.addAttachmentForm )
        {

            private static final long serialVersionUID = 6351225213189683847L;

            @Override
            protected void onAfterSubmit( final AjaxRequestTarget target, final Form<?> form )
            {
                super.onAfterSubmit( target, form );
                this.send( this.getPage(), Broadcast.BREADTH, new IssueUpdatedEvent( target, uiIssueModel.getObject() ) );
            }
        } );


        this.add( this.addAttachmentForm );
    }

}

【问题讨论】:

    标签: java ajax iframe upload wicket


    【解决方案1】:

    这是由将X-Frame-Options 设置为 DENY 引起的(我在 OWASP 扫描中这样做了)。

    更改为 SAMEORIGIN 修复了它。

    @Override
    protected WebResponse newWebResponse( WebRequest webRequest, HttpServletResponse httpServletResponse )
    {
        WebResponse response = super.newWebResponse( webRequest, httpServletResponse );
        //Protect against clicjJacking:
        // See https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
        // and http://blogs.msdn.com/b/ieinternals/archive/2010/03/30/combating-clickjacking-with-x-frame-options.aspx
        response.addHeader( "X-Frame-Options", "SAMEORIGIN" );
        return response;
    }
    

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 2011-08-13
      • 2012-10-06
      • 2012-09-21
      • 2010-10-12
      • 2013-10-03
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多