我刚刚实现了Symfony2 LexikJWTAuthenticationBundle,当我尝试对用户进行身份验证时,我会继续收到以下响应,
XMLHttpRequest cannot load http://api.example.trunk/api/login_check. Response for preflight has invalid HTTP status code 404
奇怪的是,请求是否通过Postman工作,我得到一个令牌,所以我认为这可能与CORS有关?
我老老实实地用谷歌搜索并研究了我能想到的每一件事,但我并没有找到可能导致这种情况的原因。
security:
encoders:
User\UserBundle\Entity\User: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
database_users:
entity: { class: UserBundle:User }
in_memory:
memory:
users:
ryan:
password: ryanpass
roles: 'ROLE_USER'
admin:
password: kitten
roles: 'ROLE_ADMIN'
firewalls:
login:
pattern: ^/api/login
stateless: true
anonymous: true
form_login:
check_path: /api/login_check
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
require_previous_session: false
api:
pattern: ^/api
stateless: true
lexik_jwt: ~
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
access_control:
- { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
<VirtualHost *:80>
ServerName api.example.trunk
DocumentRoot /Users/user/Sites/example/web
UseCanonicalName Off
ErrorLog "/Users/user/Sites/logs/example-error_log"
CustomLog "/Users/user/Sites/logs/example-access_log" common
DirectoryIndex app_dev.php
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Allow-Headers "x-requested-with, content-type, origin, authorization, accept, client-security-token"
Header always set Access-Control-Max-Age "1000"
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
<Directory "/Users/user/Sites/example/web">
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
General headers:
Request URL:http://api.example.trunk/api/login_check
Request Method:OPTIONS
Status Code:404 Not Found
Remote Address:127.0.0.1:80
Response headers:
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT
Access-Control-Allow-Headers: x-requested-with, content-type, origin,
authorization, accept, client-security-token
Access-Control-Max-Age: 1000
Cache-Control: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Request headers:
OPTIONS /api/login_check HTTP/1.1
Host: api.example.trunk
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: http://localhost:3000
Access-Control-Request-Headers: accept, content-type
Accept: */*
Referer: http://localhost:3000/
答案 0 :(得分:0)
对于有这个问题的人,这里是一个不推荐的解决方法,(我说不推荐,因为我相信必须有更好的解决方案)
<强> 1。添加onKernelResponse事件侦听器并将$ filterResponseEvent传递给其参数
<强> 2。请求方法为OPTIONS时覆盖默认标头状态代码:
<?php
/**
* Created by PhpStorm.
* User: aien
* Date: 8/19/16
* Time: 1:22 AM
*/
namespace Administration\SystemBundle\EventListener;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
class ApiHeaderListener
{
public function onKernelResponse(FilterResponseEvent $filterResponseEvent)
{
$headers = $filterResponseEvent->getResponse()->headers;
if ($filterResponseEvent->getRequest()->getMethod() == 'OPTIONS')
{
$res = $filterResponseEvent->getResponse();
$res->setStatusCode(200);
$filterResponseEvent->setResponse($res);
}
$headers->set('Access-Control-Allow-Origin', '*');
$headers->set('Access-Control-Allow-Methods', 'POST, GET, PUT, DELETE, PATCH, OPTIONS');
$headers->set('Access-Control-Allow-Headers', 'X-Requested-With, origin, content-type, accept');
}
}