伪装成与Postman(?)类似的角度请求

时间:2018-12-06 13:19:17

标签: angular rest nginx http-post postman

我正在编写一个试图到达JIRA Cloud API的Angular应用程序。我碰到的最大障碍是CORS问题,使我无法检索数据。目前,我已经更改了Chrome设置,以忽略飞行前请求,并能够获取我所需的几乎所有数据。

问题是,为了获取问题的工作日志,我需要创建一个POST请求。这次,我收到“ XSRF检查失败”响应的403错误代码。在Angular中创建请求之前,我已经用Postman对其进行了测试,并且效果很好。

如果CORS与客户端有关,而与服务器无关(在这里可能就是这种情况),我如何“欺骗”服务器,以便它像邮递员发送的那样响应我的请求?现在,我尝试设置一个Nginx代理服务器,以便我的应用程序请求到localhost,然后将其从Nginx服务器代理到JIRA云。仍然不起作用。

除此一项POST之外的所有方法。

这是我的Angular 6 HttpService类方法:

getFullResponse(domain: string, projectName: string, credentials: Credentials) {
    console.log('GET FULL RESPONSE');

    return this.http.get('https://' + domain + '.atlassian.net/rest/api/3/project/' + projectName,
      {
        headers: new HttpHeaders({'Authorization': 'Basic ' + btoa(credentials.username + ':' + credentials.password)}),
        observe: 'response'
      }
    );
  }

  testGET(credentials: Credentials) {
    return this.http.get('http://localhost/worklog/deleted', {
      headers: new HttpHeaders({
        'Authorization': 'Basic ' + btoa(credentials.username + ':' + credentials.password),
        'Content-Type': 'application/json',
        'X-Atlassian-Token' : 'nocheck'
      }),
      observe: 'response'
    })
  }

  testPOST2(credentials: Credentials){
    console.log('HTTP POST TEST FIRED');

    return this.http.post('http://localhost/worklog/list', '{ \"ids\" : [ 10001, 10002 ]}', {
      headers: new HttpHeaders({
        'Authorization': 'Basic ' + btoa(credentials.username + ':' + credentials.password),
        'Content-Type': 'application/json',
        'X-Atlassian-Token' : 'nocheck'
      }),
      observe: 'response'
    })

这是我要使用的nginx.config文件:

http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            proxy_pass https://thetestdomain.atlassian.net/rest/api/3/;

            add_header Access-Control-Allow-Origin *;
            add_header Access-Control-Allow-Methods "POST, GET, OPTIONS";
            add_header Access-Control-Allow-Headers "Origin, Authorization, Accept";
            add_header Access-Control-Allow-Credentials true;
        }
...
}

我对nginx完全陌生,这是我第一次尝试代理请求,因此这里可能出了一些问题。对于我的请求“假装”邮递员的请求,这甚至是正确的方法吗?

0 个答案:

没有答案
相关问题
最新问题