我希望有人可以帮助我解决以下问题。
我正在尝试从https://my.domain/
执行以下跨域请求var req = new XMLHttpRequest(); req.onload = reqListener;
req.open('GET','https://api.external.domain/',true);
req.withCredentials = "true"; req.setRequestHeader('authorization','');
req.setRequestHeader('cache-control','no-cache');
req.setRequestHeader('content-type','application/json');
req.send('{}');
function reqListener()
{
alert(this.responseText);
};
请求已被预定义(OPTIONS方法),并且API响应:
HTTP/1.1 200 OK
Access-Control-Expose-Headers: APIm-Debug-Trans-Id, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-Global-Transaction-ID
Access-Control-Allow-Headers: authorization,cache-control,content-type,pragma
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://my.domain/
到目前为止,一切都很好。现在浏览器立即跟进GET请求,但是要使该请求成功,我需要它包含标题:
Authorization: bearer [redacted]
但是客户端的浏览器显然无法访问此令牌(?)。有什么办法可以从某个地方获取此令牌?我似乎在浏览器的本地存储中找不到它,它也不是cookie值。
任何帮助将不胜感激!