在基于 Express 的服务器上设置 Authorization 请求标头时,我遇到了很多麻烦。用下面的方式设置后,该标头始终不会到达浏览器:
// `req` is the incoming request as seen by the server; assigning to req.headers
// changes only that server-side object and is not part of what is sent back.
req.headers.authorization = signedJWT;
所以我尝试使用以下命令设置响应WWW-Authenticate标头:
// Sets a header on this one response. WWW-Authenticate is defined as the
// server's authentication challenge; here it is given the signed JWT as its value.
res.set('WWW-Authenticate', signedJWT);
但是此标头只出现在 POST 请求中,重定向之后不会保留。到目前为止,我唯一能让 JWT 随请求保留下来的方法是把它放进查询字符串。我不想这样做,因为我知道可以直接写入标头。我是不是漏掉了什么?
相关代码位:
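// Middleware: check the Authorization header of every incoming request.
//
// Fix over the original: next() used to run immediately, before the promise
// from authenticate.checkToken() had settled, so downstream handlers could
// execute while the auth state still reflected an earlier request. next() is
// now called only after the check has resolved or rejected.
//
// NOTE(review): `auth` and `token` are not declared in this block. If they are
// module-level variables they are shared by every request the process serves,
// so the result of one client's check is visible while another client's
// request is being handled. They are still assigned here for compatibility;
// the per-request copies on res.locals are the ones safe to base an
// authorization decision on.
app.use((req, res, next) => {
  const presented = req.headers.authorization;

  if (!presented) {
    console.log('No token provided');
    auth = false;
    res.locals.auth = false;
    res.locals.token = null;
    next();
    return;
  }

  // Verify token and reset expiration in external module.
  authenticate
    .checkToken(presented)
    .then(
      (refreshed) => {
        token = refreshed;
        // Only the server-side request object changes; this value is never
        // transmitted to the browser.
        req.headers.authorization = refreshed;
        auth = true;
        res.locals.auth = true;
        res.locals.token = refreshed;
      },
      (reason) => {
        token = null;
        console.log(reason);
        auth = false;
        res.locals.auth = false;
        res.locals.token = null;
      }
    )
    // A failed check still falls through to the routes (as in the original);
    // an unexpected throw inside the handlers above is forwarded to Express.
    .then(() => next(), (err) => next(err));
});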
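// Login POST: authenticate the submitted email/password through the external
// `authenticate` module and respond with a redirect to '/' on success, or
// re-render the login view with an error flag on failure.
//
// Fix over the original: the success path logged the whole req.headers object
// right after the freshly issued token had been written into it, which put the
// bearer token (and any cookies the client sent) into the server log. Only a
// non-sensitive message is logged now.
app.post('/login', (req, res) => {
  // NOTE(review): `authed` is not assigned anywhere in the visible code; the
  // middleware on this page assigns `auth`. Confirm which name is intended.
  // Either way, a module-level flag is shared across all clients and should
  // not decide whether *this* request is already logged in.
  if (authed) {
    console.log('Already logged in');
    // NOTE(review): 200 is not a redirect status, so a browser will not follow
    // the Location header. A 303 would make the browser GET '/' after this
    // POST; confirm how the client consumes this response before changing it.
    res.redirect(200, '/');
    return;
  }

  const userData = {
    email: req.body.email,
    pass: req.body.password,
    userId: null,
  };

  authenticate.auth(userData).then(
    (results) => {
      // `results` is presumably the signed JWT (it is stored where the
      // middleware expects a token). This assignment only edits the
      // server-side request object.
      req.headers.authorization = results;
      // NOTE(review): WWW-Authenticate is a challenge header; a browser does
      // not store its value or replay it on the next request, which is why the
      // token is gone after the redirect. To keep the JWT without a query
      // string, the usual options are a cookie marked HttpOnly, Secure and
      // SameSite, or returning the token in the response body so client script
      // attaches it as an Authorization header on later requests.
      res.set('WWW-Authenticate', results);
      console.log('Login succeeded');
      res.redirect(200, '/');
    },
    (reason) => {
      console.log(reason);
      res.render('login', {
        title: 'Error',
        passwordErr: 1,
      });
    }
  );
});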