Question

我已经跟踪了这个问题：

var validateJwt = expressJwt({
  secret: config.secrets.session
});

使用最新版本的express-jwt

这是完整的文件

( auth.service.js from the angular-generator yeoman scafolding)

/**
 * Attaches the user object to the request if authenticated
 * Otherwise returns 403
 */
export function isAuthenticated() {
  return compose()
    // Validate jwt
    .use(function(req, res, next) {
      // allow access_token to be passed through query parameter as well
      if (req.query && req.query.hasOwnProperty('access_token')) {
        req.headers.authorization = 'Bearer ' + req.query.access_token;
      }
      console.log('In Auth Service');
      console.log('Secret=' + config.secrets.session);
      validateJwt(req, res, next);
    })
    // Attach user to request
    .use(function(req, res, next) {
      console.log('Attach User');
      User.findByIdAsync(req.user._id)
        .then(user => {
          if (!user) {
            return res.status(401).end();
          }
          req.user = user;
          next();
        })
        .catch(err => next(err));
    });
}

我在IE中看到“In Auth Service”登录，然后出现此错误：

   UnauthorizedError: No authorization token was found<br> &nbsp; &nbsp;at middleware (.../node_modules/express-jwt/lib/index.js:80:21)<br> &nbsp; &nbsp;at Middleware_Common_Object.&lt;anonymous&gt; (.../server/auth/auth.service.js:27:7)<br> &nbsp; &nbsp;at next (.../node_modules/composable-middleware/lib/composable-middleware.js:59:18)<br> &nbsp; &nbsp;at Middleware_Common_Object.middleware (.../node_modules/composable-middleware/lib/composable-middleware.js:76:7)<br> &nbsp; &nbsp;at middleware (.../node_modules/composable-middleware/lib/composable-middleware.js:31:25)<br> &nbsp; &nbsp;at Layer.handle [as handle_request] (.../node_modules/express/lib/router/layer.js:95:5)<br> &nbsp; &nbsp;at next (.../node_modules/expres

在Chrome和Firefox中，这很好用，我看到日志“附加用户”。

我不是快递或jwt（或javascript）专家，所以任何想法为什么这不适用于IE？我无法在IE11中登录我的应用程序。

Chrome标题：

头

{  
   "host":"localhost:9000",
   "connection":"keep-alive",
   "accept":"application/json, text/plain, */*",
   "x-xsrf-token":"XyZYPphsmONBmSrE1MoiMh4zcclJhvArkppVM=",
   "user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36",
   "authorization":"Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJfaWQiOiI1NzE1ODg0MjEyZTU3OTFkMzEwZmQ1MTMiLCJyb2xlIjoiYWRtaW4iLCJpYXQiOjE0NjQyODQwNDMsImV4cCI6MTQ2NDMwMjA0M30.YJj4LaHdhRtzfr0AdjTkZwTZM2M4B0YSoR3qactkq8o",
   "referer":"http://localhost:9000/login",
   "accept-encoding":"gzip, deflate, sdch",
   "accept-language":"en-US,en;q=0.8",
   "cookie":"connect.sid=s%3AZBJISBM2X82Odr1f763gL_hOJPCTy75G.ePulOt7zpqSQ6WHmPVqMKsjFVboteA8ALhBcR6f4J70; _gat=1; _ga=GA1.1.1107287728.1463674097; token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJfaWQiOiI1NzE1ODg0MjEyZTU3OTFkMzEwZmQ1MTMiLCJyb2xlIjoiYWRtaW4iLCJpYXQiOjE0NjQyODQwNDMsImV4cCI6MTQ2NDMwMjA0M30.YJj4LaHdhRtzfr0AdjTkZwTZM2M4B0YSoR3qactkq8o; XSRF-TOKEN=XyZYPphsmONBmSrE1MoiMh4zcclJhvArkppVM%3D",
   "if-none-match":"W/\"2-11FxOYiYfpMxmANj4kGJzg\""
}

//身体是空的......

Body = {}

获取IE ...

IE11：头

{  
   "x-xsrf-token":"VnE872wcJGAcsDuqFPo4yX3eHCjib8+VuohJY=",
   "accept":"application/json, text/plain, /",
   "referer":"http://172.20.10.2:9000/login",
   "accept-language":"en-US",
   "accept-encoding":"gzip, deflate",
   "user-agent":"Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko",
   "host":"172.20.10.2:9000",
   "dnt":"1",
   "connection":"Keep-Alive",
   "cookie":"XSRF-TOKEN=VnE872wcJGAcsDuqFPo4yX3eHCjib8%2BVuohJY%3D; connect.sid=s%3A-cBMyw42buDZePLCriiGqddXI2YSg5Ow.HKcDCPksLX7PIYpp9O1XK2aDUh%2BycceyNywDN8TZOTU; _ga=GA1.4.1855210034.1464283317; _gat=1; token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJfaWQiOiI1NzE1ODg0MjEyZTU3OTFkMzEwZmQ1MTMiLCJyb2xlIjoiYWRtaW4iLCJpYXQiOjE0NjQyODQwODgsImV4cCI6MTQ2NDMwMjA4OH0.-BF00BbZknsIjAcX-EDNMtwgKaw4UFDA-Ywm4-gTlNI"
}

//身体空 Body = {}

并弹出此错误。 UnauthorizedError：未找到授权令牌

添加Req.query（仅来自IE - 在Chrome上为空也为空）

负责人

{“x-xsrf-token”：“Q9WJPpcGYhLyBn1YX1I8asymB1rVtTfLN1ZJk =”，“accept”：“application / json，text / plain， / ”，“referer”：“http://172.20.10.2:9000/login “，”accept-language“：”en-US“，”accept-encoding“：”gzip，deflate“，”user-agent“：”Mozilla / 5.0（Windows NT 6.1; Trident / 7.0; rv：11.0） Gecko“，”主持人“：”172.20.10.2：9000“，”dnt“：”1“，”连接“：”Keep-Alive“，”cookie“：”_ ga = GA1.4.1855210034.1464283317; _gat = 1; XSRF-TOKEN = Q9WJPpcGYhLyBn1YX1I8asymB1rVtTfLN1ZJk％3D; connect.sid = S％3ANvaz9AfTMU3t0CDq-3aRzSIF7Uw_bmfh.GV6s5MXKpk3XiULQbmQrJR2w7QAuJxUb0BGCYfmjuic;标记= eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJfaWQiOiI1NzE1ODg0MjEyZTU3OTFkMzEwZmQ1MTMiLCJyb2xlIjoiYWRtaW4iLCJpYXQiOjE0NjQyODg3NzcsImV4cCI6MTQ2NDMwNjc3N30.zCsSkIdHlcCmPUHvhNv5n2mkgQDhkxG9UO0sh3y-Y3c“} 身体=

{} ReqQuery

{}

///在尝试了Eric建议并实现与angular-fullstack代码上的修复程序相关的代码更改之后，我在IE上获得了这个头文件。（但遗憾的是没有登录 - 在/ api / user / me上获得了401.部分。我将在今天晚些时候恢复一些进一步的变化，我可能在昨晚做了太累了。

负责人

{“accept”：“application / json，text / plain， / “，”if-modified-since“：”Mon，26 Jul 1997 05:00:00 GMT“，”cache-control“：”no-cache“，”pragma“：”no -cache “ ”X-XSRF令牌“： ”Ajy7jYPUQj7Mnixtqq8rvJRyxj / pv6s2P36eo =“， ”引用者“： ”http://192.168.1.17:9000/login?auth_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.e%E2%80%8C%E2%80%8ByJfaWQiOiI1NzE1ODg0MjEyZTU3OTFkMzEwZmQ1MTMiLCJyb2xlIjoiYWRtaW4iLCJpYXQiOjE0NjQyOD%E2%80%8C%E2%80%8BQwNDMsImV4cCI6MTQ2NDMwMjA0M30.YJj4LaHdhRtzfr0AdjTkZwTZM2M4B0YSoR3qactkq8o“， ”接受 - 语言“： ”的en-US，连接; q = 0.5“，” accept-encoding“：”gzip，deflate“，”user-agent“：”Mozilla / 5.0（Windows NT 10.0; WOW64; Trident / 7.0; rv：11.0），如Gecko“，”host“：”192.168.1.17：9000 “ ”DNT“： ”1“， ”连接“： ”保持活动“， ”饼干“：” XSRF-TOKEN = Ajy7jYPUQj7Mnixtqq8rvJRyxj％2Fpv6s2P36eo％3D; connect.sid = S％3A43OG6niC7AAUnnOQ2cnbZe0mW1Qx6Ag5.xi0KLw9FbkMOWIofcbuTXBNDGxZXfZu87XXDxZDNO6A; _ga = GA1.4.540511734.1464357176; _gat = 1;标记= eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJfaWQiOiI1NzE1ODg0MjEyZTU3OTFkMzEwZmQ1MTMiLCJyb2xlIjoiYWRtaW4iLCJpYXQiOjE0NjQzNTc4NjIsImV4cCI6MTQ2NDM3NTg2Mn0.Si_4hZuntOLWwYpT2WGEKVpYi36WA3_aiuHZj7445LY“}

身体= {} 请求查询= {}

///添加我认为添加授权标头的代码我非常感谢每个人与我一起调查此事！

function authInterceptor($rootScope, $q, $cookies, $injector, Util) {
  var state;
  return {
    // Add authorization token to headers
    request(config) {
      config.headers = config.headers || {};
      if ($cookies.get('token') && Util.isSameOrigin(config.url)) {
        config.headers.Authorization = 'Bearer ' + $cookies.get('token');
      }
      return config;
    },

    // Intercept 401s and redirect you to login
    responseError(response) {
      if (response.status === 401) {
        (state || (state = $injector.get('$state'))).go('login');
        // remove any stale tokens
        $cookies.remove('token');
      }
      return $q.reject(response);
    }
  };
}

Answer 1

我认为你在angular-fullstack中偶然发现了这个已知问题：https://github.com/angular-fullstack/generator-angular-fullstack/issues/1880

该线程还显示了在最新源代码中提交的修复，您可以在生成的代码中手动实现（在代码中注释端口号检查，否则在IE中失败）。

Express-jwt投掷UnathorizedError：当Chrome和Firefox工作时，IE11中没有找到授权令牌

1 个答案: