我正在为安全的API实现JWT。我的前端用Angular编码,后端用PHP编码。
我在标题中设置了授权问题。我正在使用我存储的JWT向服务器发送请求,但我不知道后端如何读取该标题
users.get = function(project){
var req = {
method: 'GET',
url: Global.url_api+'action=GET&table='+project+'_users',
headers: {
'Authorization': 'Bearer '+localStorage.getItem('tokenAPI')
}
}
console.log(req);
return $http(req);
我的服务器无法读取该标头,授权变量设置为“NULL”
我正在尝试阅读:
var_dump($_SERVER['HTTP_AUTHORIZATION']);
以下是我在浏览器中的请求:
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Host:
Origin: http://evil.com/
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36
看起来标题中没有设置授权,但我的令牌是由客户端生成并存储的,具有以下内容:
if(response.status == 200){ //Status 200 : Everything OK
var jwt_token = response.data.jwt;
localStorage.setItem('tokenAPI',jwt_token); //Set the token sent by server in localStorage
$scope.credentials = true; //Set visible the tab