尝试POST到我的API时遇到此问题。它返回以下错误:
Uncaught Error.
{"meta":{"httpCode":403,"message":"Permission denied."},"data":[]}
我发送的身份验证适用于填充页面上数据表的AJAX GET。我想知道我的数据是否格式错误。 POST所需的数据只是名称和描述,所以我不相信我会留下任何东西。任何人都可以在此代码中看到任何可能导致403错误的错误吗?
var name = $('#name').text();
var description = $('#description').text();
$('#add-category').on('click', function() {
$.ajax({
type: "POST",
url: baseUrl + "api/categories",
headers: {
"Authorization": auth
},
data: {
"name": name,
"description": description
},
dataType: 'json',
contentType: 'application/json',
error: function(jqXHR, exception) {
var msg = '';
if (jqXHR.status === 0) {
msg = 'Not connected.\n Verify Network.';
} else if (jqXHR.status == 404) {
msg = 'Requested page not found. [404]';
} else if (jqXHR.status == 500) {
msg = 'Internal Server Error [500].';
} else if (exception === 'parsererror') {
msg = 'Requested JSON parse failed.';
} else if (exception === 'timeout') {
msg = 'Time out error.';
} else if (exception === 'abort') {
msg = 'Ajax request aborted.';
} else {
msg = 'Uncaught Error.\n' + jqXHR.responseText;
}
alert(msg);
},
success: function() {
table.draw();
}
});
});
感谢您的检查!
编辑:这是API的相关功能,我没有看到任何关于403错误的信息。也许我应该在API的其他地方看一下?
public function categories_post()
{
$this->requirePermission('categories.create');
if (!$postData = $this->post(null, false)) {
$this->errorResponse('Request missing category data in request body.', 405);
}
// @TODO Better Validation.
$postData = $this->xssClean($postData);
$category = $this->gameService->createCategory($postData);
$categoryData = $this->categoryHydrator->extract($category);
$this->response($categoryData, 200);
die;
}
权限:
protected function requirePermission($permission, $assertion = null)
{
if (!$this->rbac->isGranted($this->fixUser->ufUser->getRole(), $permission, $assertion)) {
$this->errorResponse('Permission denied.', 403);
die;
}
return true;
}
答案 0 :(得分:0)
403 http错误代码是框架(和其他人)在抛出非授权异常时返回的常见错误。
它可能来自您的应用程序的安全上下文(您的前端是否真正授权或是否需要登录?)
可以用于内部安全检查,例如您的函数requirePermission('categories.create');