Question

我在AFHTTPSessionManager中使用AFNetworking 2.x.我发送的请求不需要身份验证。我可以在终端上通过curl请求获得预期的响应：

curl -v -H 'Content-Type: application/json' -X POST https://myapp.com/api/events/box-office/baskets/get-or-create/

HTTP/1.1 201 CREATED
Server: nginx/1.6.2
Date: Tue, 17 Nov 2015 04:09:23 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Cookie
X-Frame-Options: SAMEORIGIN
Allow: POST, OPTIONS

我知道我们可以通过以下方式删除身份验证标头：

manager.responseSerializer = [AFJSONResponseSerializer serializerWithReadingOptions:NSJSONReadingAllowFragments];
manager.requestSerializer = [AFJSONRequestSerializer serializer];
[manager.requestSerializer clearAuthorizationHeader];

但是如果我用AFHTTPSessionManager发出相同的POST请求似乎没有用，因为我会得到这个回复：

2015-11-16 21:10:58.011 myapp[48771:16036168] [Error] POST 'https://myapp.com/api/events/box-office/baskets/get-or-create/' (401) [4.6264 s]: Error Domain=com.alamofire.error.serialization.response Code=-1011 "Request failed: unauthorized (401)" UserInfo={com.alamofire.serialization.response.error.response=<NSHTTPURLResponse: 0x7fde11e90ed0> { URL: https://myapp.com/api/events/box-office/baskets/get-or-create/ } { status code: 401, headers {
Allow = "POST, OPTIONS";
Connection = "keep-alive";
"Content-Type" = "application/json";
Date = "Tue, 17 Nov 2015 04:10:54 GMT";
Server = "nginx/1.6.2";
"Transfer-Encoding" = Identity;
Vary = Cookie;
"Www-Authenticate" = "Basic realm=\"api\"";
"X-Frame-Options" = SAMEORIGIN;

这些线条引起了我的注意：

Request failed: unauthorized (401)
"Www-Authenticate" = "Basic realm=\"api\"";
"Transfer-Encoding" = Identity;

如果我发出上面显示的卷曲请求，我没有得到这些。我也不应该向服务器发送任何身份验证标头。如果我在curl请求中添加-u username：password（invalid credentials），我会收到类似的错误响应：

curl -v -H 'Content-Type: application/json' -X POST -u devb01@gmail.com:testtest https://myapp.com/api/events/box-office/baskets/get-or-create/

HTTP/1.1 401 UNAUTHORIZED
Server: nginx/1.6.2
Date: Tue, 17 Nov 2015 03:10:03 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Cookie
X-Frame-Options: SAMEORIGIN
* Authentication problem. Ignoring this.
WWW-Authenticate: Basic realm="api"
Allow: POST, OPTIONS

我想知道为什么AFHTTPSessionManager似乎在POST请求中嵌入了authenticate标头，我无法将其删除。任何想法都表示赞赏。

顺便说一句，我无法控制服务器代码......

删除AFNetworking验证标头

0 个答案: