我正在尝试向用户发出cors ajax请求/登录以验证用户身份并发送回JWT令牌。选项请求返回200,而发布请求返回403,此错误因“缺少CSRF令牌Cookie”错误而被禁止。我正在使用chrome的cors插件。在我的UsersController.php的初始化函数中,我有$this->Auth->allow(['login']);
localhost:8765上的“ cakephp服务器”带有“ cake服务器”,而extjs服务器已在http://localhost:1841/上使用“ sencha app watch”启动了
LoginController.js
onLoginClick: function() {
this.getView().mask('Effettuando il login..');
var data = this.getView().down('form').getValues();
App.security.Firewall.login(data.username, data.password).then(function() {
this.getView().destroy();
Ext.create({
xtype: 'app-main'
});
this.getView().unmask();
}.bind(this), function(data) {
Ext.Msg.alert('Errore', data.message || 'Impossibile eseguire il login in questo momento.');
});
}
Firewall.js
login: function(username, password) {
var deferred = new Ext.Deferred();
Ext.Ajax.request({
url: 'http://localhost:8765/users/login',
method: 'POST',
params: {
'username': username,
'password': password
},
success: function (response) {
var data = Ext.decode(response.responseText);
if (data.token) {
App.security.TokenStorage.save(data.token);
deferred.resolve(data, response);
} else {
deferred.reject(data, response);
}
},
failure: function (response) {
var data = Ext.decode(response.responseText);
App.security.TokenStorage.clear();
deferred.reject(data, response);
}
});
return deferred.promise;
},
这就是我加载JWT Auth插件的方式
$this->loadComponent('Auth', [
'storage' => 'Memory',
'authenticate' => [
'ADmad/JwtAuth.Jwt' => [
'userModel' => 'Users',
'fields' => [
'username' => 'id'
],
'parameter' => 'token',
// Boolean indicating whether the "sub" claim of JWT payload
// should be used to query the Users model and get user info.
// If set to `false` JWT's payload is directly returned.
'queryDatasource' => true,
]
],
'unauthorizedRedirect' => false,
'checkAuthIn' => 'Controller.initialize',
// If you don't have a login action in your application set
// 'loginAction' to false to prevent getting a MissingRouteException.
'loginAction' => [
'controller' => 'Users',
'action' => 'login',
],
]);
最后这是用户路线
Router::scope('/users', function ($routes) {
$routes->setExtensions(['json']);
$routes->resources('Users');
});
“选项”网络标签:
一般
Request URL: http://localhost:8765/users/login
Request Method: OPTIONS
Status Code: 200 OK
Remote Address: [::1]:8765
Referrer Policy: no-referrer-when-downgrade
响应头
Access-Control-Allow-Headers: x-requested-with
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: *
Allow: POST, GET, OPTIONS, PUT, DELETE
Connection: close
Content-type: text/html; charset=UTF-8
Date: Wed, 03 Jul 2019 14:44:03 +0000
Host: localhost:8765
X-Powered-By: PHP/7.1.26
请求标头
Provisional headers are shown
Access-Control-Request-Headers: x-requested-with
Access-Control-Request-Method: POST
Origin: http://localhost:1841
Referer: http://localhost:1841/
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36
“发布”网络标签:
一般
Request URL: http://localhost:8765/users/login
Request Method: POST
Status Code: 403 Forbidden
Remote Address: [::1]:8765
Referrer Policy: no-referrer-when-downgrade
响应头
Access-Control-Allow-Headers: x-requested-with
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: *
Allow: POST, GET, OPTIONS, PUT, DELETE
Connection: close
Content-Type: text/html; charset=UTF-8
Date: Wed, 03 Jul 2019 14:44:08 +0000
Host: localhost:8765
X-DEBUGKIT-ID: 6d9d2319-d3a6-4022-a877-fb404d639081
X-Powered-By: PHP/7.1.26
请求标头
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://localhost:1841
Referer: http://localhost:1841/
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36
X-Requested-With: XMLHttpRequest
我只想验证正在尝试登录的用户,并将其JWT令牌发送回客户端。目前,请求甚至没有“到达”登录功能。这是我第一次尝试创建登录系统