Question

我正在对服务器进行CORS GET调用，并且Web客户端在响应上看不到授权标头。

我正在使用axios库进行其余的调用：

getReturn: function() {
  axios
    .get(
      "http://<cors url>/test",
      {
        params: {
          captcha: this.token,
          shipperEmail: this.shipperEmail,
          salesOrder: this.ereturn.invoice,
          consigneeEmail: this.ereturn.consignee.email
        },
        headers: {
          Authorization: "Bearer " + this.token
        }
      }
    )
    .then(response => {
      console.log(response);
      this.token = response.headers.authorization.split(" ")[1];
    })
    .catch(error => alert("something went wrong " + error));
},

我检查了chrome开发人员工具后，OPTIONS和GET请求均成功，并且GET响应具有我需要的Authorization标头：

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: http://<cors url>
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Vary: Origin
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJpc3N1ZXJJZCI6Ii0xIiwiY291bnRyeSI6ImZha2UgY291bnRyeSIsInJvbGUiOiJTVEFGRiIsImFkZHJlc3MiOiJmYWtlIGFkZHJlc3MiLCJjaXR5IjoiZmFrZSBjaXR5IiwiaXNzIjoiZmFrZUNvbnNpZ25lZUBlbWFpbC5jb20iLCJza3VNYW5hZ2VtZW50IjpmYWxzZSwic3RhdGUiOiJmYWtlIHN0YXRlIiwidHlwZSI6IkNPTlNJR05FRSIsInBvcnRDb2RlIjoiZmFrZSBwb3J0IGNvZGUiLCJleHAiOjE1NjA0NzIyMTJ9.Z6HzgjPgg3sxJfxU9VCNIaTW6TDLnhNyrBDZqvAfhbM
Content-Type: application/json
Content-Length: 2163
Date: Thu, 13 Jun 2019 16:30:12 GMT

客户端无法执行此操作：

response.headers.authorization.split(" ")[1];

出现错误消息something went wrong TypeError: Cannot read property 'split' of undefined

问题：：为什么我在客户端运行的代码无法访问开发人员工具显示的Authorization标头标志？

谢谢

Answer 1

我的问题是Access-Control-Expose-Headers在Web服务器上配置错误：

Access-Control-Expose-Headers包含Web客户端可访问的标头标志的列表。因此，要解决此问题，我只需要更改：

Access-Control-Expose-Headers: Access-Control-Allow-Origin,Access-Control-Allow-Credentials

到

Access-Control-Expose-Headers: Access-Control-Allow-Origin,Access-Control-Allow-Credentials,Authorization

在我的tomcat配置中

Web客户端在响应时无法访问授权标头

1 个答案: