Question

我创建了一个带有React前端的Spring Boot后端。

当我通过浏览器向后端发送HTTP请求时，我收到一个空标题的响应。
- Browser response with empty headers
当我通过POSTMAN工具发送HTTP请求时，报头已满！
- POSTMAN response with fullfilled headers

对我来说这没有意义。

代码： https://github.com/The-Taskmanager/SelfServiceWebwizard

后端映射

@PostMapping("/signin")

public ResponseEntity<?> authenticateUser(@Valid @RequestBody LoginRequest loginRequest) {

    Authentication authentication = authenticationManager.authenticate(
            new UsernamePasswordAuthenticationToken(
                    loginRequest.getUsernameOrEmail(),
                    loginRequest.getPassword()
            )
    );

    SecurityContextHolder.getContext().setAuthentication(authentication);

    String jwt = tokenProvider.generateToken(authentication);
    HttpHeaders headers = new HttpHeaders();
    headers.add("Mustermann", "Max");
    headers.add("Content-Type", "application/json");
    headers.add("Authorization", new JwtAuthenticationResponse(jwt).getAccessToken());
    return ResponseEntity.ok().headers(headers).body(new JwtAuthenticationResponse(jwt));

}

前端请求

login(username: string, password: string) {

    fetch('http://localhost:8080/api/auth/signin', {
        method: 'POST',
        headers: {
            'Content-Type': 'application/json'
        },
        body: JSON.stringify({
            "usernameOrEmail": username,
            "password": password
        })
    }).then(response => {
        console.log(response);
        console.log(response.text());
        console.log(response.headers);
    })
        .catch(error => console.error(error));
}

UPDATE1： 添加了此方法，但浏览器中的标题仍然为空：

CorsConfigurationSource corsConfigurationSource() {
    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = new CorsConfiguration().applyPermitDefaultValues();
    source.registerCorsConfiguration("/**", config);
    return source;
}

UPDATE2：

当我向React请求时，Spring Boot向我显示此错误：

ERROR 8876 --- [nio-8080-exec-4] c.s.jwt.JwtAuthenticationEntryPoint:  Responding with unauthorized error. Message - full authentication is required to access this resource

浏览器控制台：

当我向Postman请求时，Spring Boot不会显示错误。

UPDATE3：

React发送的请求标头：

{
host=[localhost:8080],
content-type=[application/json],
cache-control=[no-cache],
user-agent=[Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0],
accept-encoding=[gzip, deflate],
content-length=[58],
referer=[http://localhost:8080/],
origin=[http://localhost:8080],
dnt=[1],
connection=[keep-alive],
accept-language=[de,en-US;q=0.7,en;q=0.3],
accept=[*/*]
}

POSTMAN从POSTMAN控制台发送的请求标头：

host:"localhost:8080"
content-type:"application/json"
cache-control:"no-cache"
user-agent:"PostmanRuntime/7.1.5"
accept-encoding:"gzip, deflate"
content-length:68
postman-token:"b00fd7a8-bd34-4a32-8681-990b04012e3b"
cookie:"JSESSIONID=2CAEC9280432DD13AABA53B73B7874AC"
accept:"*/*"

Answer 1

自己解决。

更改了前端获取方法中的代码

console.log(response.headers)

// changed to:

console.log(response.headers.get('Authorization')

所以标题一直都在，但我无法用React将它们记录在浏览器控制台中。

尽管如此， UPDATE2 中仍存在Spring Boot（完全身份验证）和Browser（401）错误。不知道这是哪里来的。

浏览器中的HTTP响应标头为空，但填写了POSTMAN

1 个答案: