我正在使用HMAC进行身份验证,但
$.ajax({
type: "POST",
url: baseURL + "/test/hmac",
contentType: "application/json",
dataType: "json",
beforeSend: function (request) {
request.setRequestHeader('authorization', 'AuthHMAC '+client.key +":" + CryptoJS.HmacSHA1(canonical_string, client.secret).toString(CryptoJS.enc.Base64));
request.setRequestHeader('content-md5', md5);
request.setRequestHeader('Dates', date); //Refused to set unsafe header "Date"
},
data: JSON.stringify(data),
success: function (data) {
alert(data.message);
},
error: function (errorMessage) {
if(errorMessage.status == 401)
alert('Access denied');
}
});
然而代码在request.setRequestHeader('Date', date);上出错
浏览器对我说'拒绝设置不安全的标题“日期”'
这是有问题的,因为Date标头对于HMAC对重放攻击非常重要,因此我无法在服务器上进行太多更改,如何在客户端执行此操作以让它自动将Date添加到标头