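I use Slim Framework.
When I run my script locally with XAMPP, it works fine. But I uploaded the script to the server, and now it returns the error that the header is not set.
XHR does not allow payloads for GET requests. Or change the method definition in settings.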
Here is the Angular script:

    $rootScope.globals = $cookies.getObject('globals') || {};
    if ($rootScope.globals.currentUser) {
        $http.defaults.headers.common['Authorization'] = 'Basic ' + $rootScope.globals.currentUser.token;
    }
    $rootScope.$on('$locationChangeStart', function (event, next, current) {
        var restrictedPage = $.inArray($location.path(), ['/login', '/register', '/password']) === -1;
        var loggedIn = $rootScope.globals.currentUser;
        if (restrictedPage) {
            if (!loggedIn) {
                $location.path('/login');
            } else {
                UserService.checkToken($rootScope.globals.currentUser.token)
                    .then(function (response) {
                        if (!response.success) {
                            $location.path('/login');
                        }
                    });
            }
        }
    });

    function checkToken(token) {
        return $http.get('api/v1/token').then(handleCallback, handleCallback);
    }

    function handleCallback(res) {
        console.log(res);
        return res.data;
    }

Here is the Slim Framework script:

    $config['displayErrorDetails'] = true;
    $config['addContentLengthHeader'] = false;
    $config['determineRouteBeforeAppMiddleware'] = true;
    $app = new \Slim\App(["settings" => $config]);
    $container = $app->getContainer();

    // This is the middleware
    // It will add the Access-Control-Allow-Methods header to every request
    $app->add(function ($req, $res, $next) {
        $response = $next($req, $res);
        return $response
            ->withHeader('Access-Control-Allow-Origin', '*')
            ->withHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Accept, Origin, Authorization')
            ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
    });

    $app->get('/token', function ($request, $response) {
        $token = $request->getHeaderLine('Authorization');
        if ($token) {
            $db = new DbOperation();
            if ($db->checkAuthentication($token)) {
                $return = $response->withJson(["success" => true], 200);
            } else {
                $return = $response->withJson([
                    "success" => false,
                    "message" => 'Invalid token'
                ], 403);
            }
        } else {
            $return = $response->withJson([
                "success" => false,
                "message" => 'Header not set.'
            ], 403);
        }
        return $return;
    });

What is my problem? Does anyone know?
Thx

Response from the API test:

    HTTP/1.1 403 Forbidden
    Server: nginx
    Date: Mon, 27 Mar 2017 11:57:27 GMT
    Content-Type: application/json;charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/5.6.30
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept, Origin, Authorization
    Access-Control-Allow-Methods: GET
    X-Powered-By: PleskLin

Answer 0 (score: 1)

If you want to open the API to CORS calls from every possible origin (for testing only), try this:

    $app->add(function ($req, $res, $next) {
        $response = $next($req, $res);
        return $response
            ->withHeader('Access-Control-Allow-Origin', '*')
            ->withHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Accept, Origin, Authorization')
            ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
    });

Or there is this middleware that does the same: https://github.com/palanik/CorsSlim
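
An origin-allowlist form of the wildcard middleware above, for use once testing is over. This is an added example, not part of the answer or of the Slim project's own code; it assumes Slim 3 installed through Composer, the origins in $allowedOrigins are placeholders, and corsHeadersFor is a hypothetical helper name.

```php
<?php
// Added example: origin-allowlist CORS for Slim 3 (PHP 5.6 compatible syntax).
require __DIR__ . '/vendor/autoload.php';

// Assumption: placeholder origins; list only the front ends that really call the API.
$allowedOrigins = array('https://app.example.com', 'http://localhost:8080');

/**
 * Return the CORS headers for one request, or an empty array when the Origin
 * header is missing or not on the allowlist (the browser then blocks the read).
 */
function corsHeadersFor($origin, array $allowedOrigins)
{
    if ($origin === '' || !in_array($origin, $allowedOrigins, true)) {
        return array();
    }
    return array(
        'Access-Control-Allow-Origin'  => $origin,  // echo the exact origin, never '*'
        'Access-Control-Allow-Headers' => 'X-Requested-With, Content-Type, Accept, Origin, Authorization',
        'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, OPTIONS',
        'Vary'                         => 'Origin', // stop caches reusing the response across origins
    );
}

$app = new \Slim\App(array('settings' => array('determineRouteBeforeAppMiddleware' => true)));

// Give preflight (OPTIONS) requests a route so they pass through the middleware below.
$app->options('/{routes:.+}', function ($request, $response) {
    return $response->withStatus(204);
});

$app->add(function ($req, $res, $next) use ($allowedOrigins) {
    $response = $next($req, $res);
    $headers = corsHeadersFor($req->getHeaderLine('Origin'), $allowedOrigins);
    foreach ($headers as $name => $value) {
        $response = $response->withHeader($name, $value);
    }
    return $response;
});

// Routes such as $app->get('/token', ...) from the question are registered here.
$app->run();
```

The exact string comparison against the allowlist is deliberate: prefix or substring matching on the Origin value would also accept look-alike hosts.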

Answer 1 (score: 1)

If you are not sure what header name Angular generates, you can debug the headers sent to Slim. In Slim, this can be done like so:

    $headers = $request->getHeaders();
    foreach ($headers as $name => $values) {
        echo $name . ": " . implode(", ", $values);
    }

I use jQuery, and I set the token in the global headers like this:

    $.ajaxPrefilter(function( options, oriOptions, jqXHR ) {
        jqXHR.setRequestHeader("Authorization", sessionStorage.token);
    });

This sends the token with the header name:

    HTTP_AUTHORIZATION

To get the specific header variable:

    $token_array = $request->getHeader('HTTP_AUTHORIZATION');
    if (count($token_array) == 0) {
        $data = Array(
            "jwt_status" => "token_not_exist"
        );
        return $response->withJson($data, 401)
            ->withHeader('Content-type', 'application/json');
    }
    $token = $token_array[0];