我正在为我的应用制作身份验证高级组件,该组件向我的API发出GET请求,然后如果响应不是HTTP 200,则重定向用户。该API使用Cookie来验证用户身份,并且HOC在客户端上可以完美运行。但是,当我在服务器上发出API请求时,每次都会得到一个HTTP 401响应。
我在服务器和客户端响应的API上都记录了响应,并注意到服务器请求只有几个请求标头,而客户端请求有更多标头,包括cookie标头和XSRF令牌标头。 服务器上的请求发送如此少的标头可能是什么原因?
这是我的HOC代码:
import React from 'react'
import redirect from '../utils/redirect'
const withAuth = <T extends Object>(C: React.ComponentType<T>) => {
class AuthComponent extends React.Component<T> {
static getInitialProps = async (context) => {
const { isServer, req, store } = context
const cookie: string = isServer && req ? req.headers.cookie : null
const config = { headers: { Cookie: cookie } }
await axios.get('/api/user').then((res: any) => {
console.log('Success!')
}, (error: any) => {
console.log('Failed.', error.response.status)
redirect('/login', context)
})
}
render() {
return (
<C {...this.props} />
)
}
}
return AuthComponent
}
export default withAuth
这是服务器请求被记录的信息:
[Sun Apr 19 15:57:59 2020] GET /api/user HTTP/1.1
Accept: application/json
Connection: close
Content-Type: application/json
Host: localhost:8000
User-Agent: axios/0.19.2
这是客户端请求的样子:
[Sun Apr 19 15:57:34 2020] GET /api/user HTTP/1.1
Accept: application/json
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IldZUW1IaENEa2JDZFQ5U3BqUXRhWnc9PSIsInZhbHVlIjoidWhENG5FYzBjVitEYzg1NjUvVVlPbU1KU1paV3d2R1lDYmpSQU5TbG1JOGtuTkRFd3B0V01xd1VHbXU4U2tTRCIsIm1hYyI6ImQ0NzM4MTYxMWY0MjgzY2RkYzI5NDljMTJlNzQ0ZWUyNmE2YTI5OTRlMzRlMDIyYjA4OTI4OGQwYjM5ZTMzYzEifQ%3D%3D; spotlight_session=eyJpdiI6ImdLazdFSlROZFkzL1VIUG8vZkFrVkE9PSIsInZhbHVlIjoiWjlWS1pJMTVzWXBpWjBRVDhlalNZVDZoSkZ4clJvZ3RmcTZQeDFYNHZZU1Npcmk1WnJqcFd0NjgrQ1N1bTQrRSIsIm1hYyI6ImY0M2YwZTc3MmY4ZDliMjIyMGFmNTk5ZGRlZTc2NmFjZmIzNDU0NDNhZGY0ZTEwNmY0ZGFmNGM1N2M4MjE4YTUifQ%3D%3D; bgniOJhLpfaYHyn0IBvs8K9RY31ERwwnrsTBMrVE=eyJpdiI6IlhWbTd2eW5FcmVKM0RvZ3dlMWl6V1E9PSIsInZhbHVlIjoibTNqeUMwRUdmTXpCWXRJM3lWaHdkaVR5TW9aL3ovNHZyOGQvMU9VYmhUbUlHUjZLOFN3eW1uVklXVWJPY0kzcDREUlZScVRWYUdhY0RVZWNrMWNER3d3L0JPMCt6SC9IeEJ3bEE4dkd1YitvY2l0dkhQRHVIUVM4eVNEem9jVVpvcUJGZ0dZWDBOVFFVZ1I2d1RjQlR4c2JiQSt1UFM1bUdHN0IrZWZ6MnUxWGNydXlaOE9VWGw3TE9BS0VGVU1wY1dUYWJoV1BPTjFNNzZlNytQUm9NTXNoL0dsVWhHZ2FTczlvVjBaOE1GM1E4OStoYkd2eWx0RFUvQTFJVjhFTTJRS1I3MkRHOENqSitiMlpoTDhoaStuek9GdVRPZ2Q0QzFEdi9jZ2JtMyszNHkwWE9zdUFBMXhBeUp4K0llSnE0Q1VtaGpDT0lnREE0ZzZuYS81V0RLWFE1SUFzRGdaN2I4MDdpb3NRT2VvYW9zaVA4MUg0TlI0NWRYN2pmZEhySWdGUXV4eDR1MkpZRC9BWS9HaVdtWklhaDJHWUFJYTRmMnlySEtQOWsrST0iLCJtYWMiOiI5ZGU1Yjg0ZjIzY2EyMjM1YWNkZWY4OTUwOGI0MDM1YWRkYzRhNTM0MWY5YzUzMzk2YTBkMGVlNWFmNGVmMDBmIn0%3D
Host: localhost:8000
Origin: http://localhost:3000
Referer: http://localhost:3000/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36
X-Xsrf-Token: eyJpdiI6IldZUW1IaENEa2JDZFQ5U3BqUXRhWnc9PSIsInZhbHVlIjoidWhENG5FYzBjVitEYzg1NjUvVVlPbU1KU1paV3d2R1lDYmpSQU5TbG1JOGtuTkRFd3B0V01xd1VHbXU4U2tTRCIsIm1hYyI6ImQ0NzM4MTYxMWY0MjgzY2RkYzI5NDljMTJlNzQ0ZWUyNmE2YTI5OTRlMzRlMDIyYjA4OTI4OGQwYjM5ZTMzYzEifQ==
Cookie: XSRF-TOKEN=F12pksvTI65uEAKfTMvsU5e9J9ADtXkewrqpBhOz; spotlight_session=bgniOJhLpfaYHyn0IBvs8K9RY31ERwwnrsTBMrVE; bgniOJhLpfaYHyn0IBvs8K9RY31ERwwnrsTBMrVE={"data":"a:4:{s:6:\"_token\";s:40:\"F12pksvTI65uEAKfTMvsU5e9J9ADtXkewrqpBhOz\";s:9:\"_previous\";a:1:{s:3:\"url\";s:36:\"http:\/\/localhost:8000\/api\/classrooms\";}s:6:\"_flash\";a:2:{s:3:\"old\";a:0:{}s:3:\"new\";a:0:{}}s:50:\"login_web_59ba36addc2b2f9401580f014c7f58ea4e30989d\";i:1;}","expires":1587344232}