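HTTP headers with Authorize sent as OPTIONS

Time: 2015-08-04 09:39:11

Tags: angularjs http http-headers

I am making a token-based authentication system. When a user logs in, a token is sent back, and it is then submitted to the server on every subsequent call.

Assigning the token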

    .factory('AuthenticationService', function($rootScope, $http, authService, $httpBackend) {
      var service = {
        login: function(user) {
          $http.post('http://192.168.100.100/myApp/login', { user: user }, { ignoreAuthModule: true })
          .success(function (data, status, headers, config) {
            // Attach the token to every subsequent $http request
            $http.defaults.headers.common.Authorization = data.authorizationToken;
            console.log("token:" + data.authorizationToken);
            // Replay the requests the auth module buffered, with the token added
            authService.loginConfirmed(data, function(config) {
              config.headers.Authorization = data.authorizationToken;
              return config;
            });
          });
        }
      };
      return service;
    })

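After doing this, calls are sent as OPTIONS instead of POST. The problem is that I am sending to a RESTful server, and OPTIONS is not, erm, an option; i.e. the server expects POST, GET.

Chrome shows my headers as: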

General

**Remote Address:** 192.168.100.100:80
**Request URL:** http://192.168.100.100/myapp/login
**Request Method:** OPTIONS
**Status Code:** 404 Not Found

Response Headers

**Access-Control-Allow-Origin:** *
**Cache-Control:** no-cache, must-revalidate
**Connection:** Keep-Alive
**Content-Encoding:** gzip
**Content-Length:** 563
**Content-Type:** text/plain
**Date:** Tue, 04 Aug 2015 04:29:14 GMT
**Expires:** 0
**Keep-Alive:** timeout=5, max=100
**Server:** Apache/2.2.22 (Debian)
**Vary:** Accept-Encoding
**X-Powered-By:** PHP/5.4.41-0+deb7u1

Request Headers

OPTIONS /myapp/login HTTP/1.1
**Host:** 192.168.100.100
**Connection:** keep-alive
**Access-Control-Request-Method:** POST
**Origin:** null
**User-Agent:** Mozilla/5.0 (Linux; U; Android 4.0; en-us; GT-I9300 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
**Access-Control-Request-Headers:** authorization, content-type
**Accept:** */*
**Accept-Encoding:** gzip, deflate, sdch
**Accept-Language:** en-US,en;q=0.8

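Is it always OPTIONS, and do I have to change my RESTful server to accommodate this? Also, should I not be able to see the token in the headers?

2 answers:

Answer 0: (score: 0)

Please check whether CORS is enabled. If it is, try handling the OPTIONS request like this: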

    if (req.method === 'OPTIONS') {
      console.log('!OPTIONS');
      var headers = {};
      // IE8 does not allow domains to be specified, just the *
      // headers["Access-Control-Allow-Origin"] = req.headers.origin;
      headers["Access-Control-Allow-Origin"] = "*";
      headers["Access-Control-Allow-Methods"] = "POST, GET, PUT, DELETE, OPTIONS";
      headers["Access-Control-Allow-Credentials"] = false;
      headers["Access-Control-Max-Age"] = '86400'; // 24 hours
      headers["Access-Control-Allow-Headers"] = "X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept";
      res.writeHead(200, headers);
      res.end();
    }

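Answer 1: (score: 0)

This is a preflight request that checks whether CORS is enabled.

During the preflight request, you should see the following two headers: Access-Control-Request-Method and Access-Control-Request-Headers. These request headers ask the server for permission to make the actual request. Your preflight response needs to acknowledge these headers for the actual request to work.

In short, you need to enable these headers on the server for the actual request to be performed.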
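
One way to answer the preflight shown in the question, as an added example that is not part of the original posts: a Node.js handler that checks Access-Control-Request-Method and Access-Control-Request-Headers against an allowlist and names Authorization explicitly. The allowlist values and the `next` callback are assumptions.

```javascript
// Added example. The policy values are assumptions chosen to match the
// request shown in the question; adjust them to your API.
const ALLOWED_METHODS = ['GET', 'POST'];
// 'authorization' must be named explicitly: the "*" wildcard for
// Access-Control-Allow-Headers does not cover the Authorization header.
const ALLOWED_HEADERS = ['authorization', 'content-type'];

// Returns {status, headers} for a CORS preflight, or null when the request
// is not a preflight and should continue to the normal route.
function corsPreflight(method, reqHeaders) {
  const wantMethod = reqHeaders['access-control-request-method'];
  if (method !== 'OPTIONS' || !reqHeaders.origin || !wantMethod) return null;

  const wantHeaders = (reqHeaders['access-control-request-headers'] || '')
    .split(',').map(function (h) { return h.trim().toLowerCase(); }).filter(Boolean);
  const ok = ALLOWED_METHODS.includes(wantMethod.toUpperCase()) &&
    wantHeaders.every(function (h) { return ALLOWED_HEADERS.includes(h); });

  // Refusal carries no Access-Control-* headers, so the browser blocks the real request.
  if (!ok) return { status: 403, headers: {} };

  return {
    status: 204,
    headers: {
      // "*" is acceptable here only because the token travels in a header the
      // script sets itself; never pair "*" with Access-Control-Allow-Credentials.
      'Access-Control-Allow-Origin': '*',
      'Access-Control-Allow-Methods': ALLOWED_METHODS.join(', '),
      'Access-Control-Allow-Headers': ALLOWED_HEADERS.join(', '),
      'Access-Control-Max-Age': '600'
    }
  };
}

// Wiring for a Node http server (next is a hypothetical handler for real routes).
// Runs before any token check: browsers never attach Authorization to a preflight.
function handle(req, res, next) {
  const pre = corsPreflight(req.method, req.headers);
  if (!pre) return next(req, res);
  res.writeHead(pre.status, pre.headers);
  res.end();
}
```

The real POST or GET response must also carry Access-Control-Allow-Origin, as the server in the question already does.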