Angularjs - 授权头在Safari中未添加 [英] Angularjs - Authorization header not added in Safari

问题描述

我在后面使用Django Django的+休息框架（DRF）和Angularjs构建UI目前正在建设一个Web应用程序。

I'm currently building a webapp using Django + Django Rest Framework (DRF) in the back and Angularjs to construct the UI.

所有请求都使用基本令牌认证是建设成DRF认证。我实现了一个基本的拦截在角添加令牌，其被存储在会话存储在登录后，向每个请求。这在谷歌浏览器罚款（我可以看到使用检查授权头实际上是添加到每个请求）和Firefox。然而在Safari头不会被添加到一些请求

All requests are authenticated using the basic token authentication that is build into DRF. I implemented a basic interceptor in Angular to add the token, which is stored in session storage after login, to each request. This works fine in Google Chrome (I can see that the Authorization header is actually added to each request using the inspector) and Firefox. However in Safari the header is not added to some requests.

首先，这是我使用的拦截器：

First of all, this is the interceptor I use:

app.factory('authInterceptor', ['$rootScope', '$q', '$window', function($rootScope, $q, $window){
    return {
        // This method adds the authentication token to each requests' header
        request: function(config){
            config.headers = config.headers || {};

            // add authentication token in header
            try {
                var token = $window.sessionStorage.token;
            } catch(err){
                token = undefined;
            }
            if(token !== undefined){
                config.headers.Authorization = 'Token ' + token;
            }
            return config;
        },
        response: function(response){
            if(response.status === 401){
                // user not authenticated
            }
            return response || $q.when(response);
        }
    };
}]);

一，让我在Safari头疼的特定资源的是：

One of the specific resources that gives me a headache in Safari is:

app.factory('Coach', ['$resource', '$rootScope',
    function($resource, $rootScope){
        return $resource(
            $rootScope.api_url + 'api/coaches/:coachId/?format=json',
            {
                coachId: '@id'
            }
            ,
            {
                getByUserId: {method:'GET', url: $rootScope.api_url + 'api/coaches', isArray:false},
                update: {method:'PUT'}
            }
        );
}]);

如果已经尝试添加withCredentials到getByUserId方法，但没有运气。

If have tried adding withCredentials to the getByUserId method but no luck.

我的拦截器正确被推到了$的HTTPService。我已验证令牌在Safari中的sessionStorage可用。我已打印令牌从拦截器控制台。不能让我的头解决这个问题。

My interceptor is properly pushed to the $httpService. I have verified that the token was available in Safari in the sessionStorage. I have printed the token to the console from the interceptor. Can't get my head around this issue.

有人吗？

推荐答案

最后在解决这个恼人的问题绊倒。原来，它实际上涉及到如何Angularjs尾随删除URL中的斜线和Django是如何需要的斜线来执行它的魔力。

Finally stumbled upon the solution to this annoying problem. It turned out that it was actually related to how Angularjs removes trailing slashes in url's and how Django needs those slashes to perform its magic.

由于在角最后的斜线被删除，服务器响应和301（永久移动）响应。 Django的休息框架，然后重定向请求到正确的URL（包括尾随下调）。然而，由于某种原因，在IE和Safari，认证令牌未被传递到该第二请求。还有就是你的问题。

Because the trailing slash in Angular was removed, the server responded with a 301 (permanently moved) response. The Django Rest Framework then redirected the request to the correct url (including trailing slashed). However, for some reason in both IE and Safari, the authentication tokens were not passed into this second request. And there's your problem.

希望这是任何帮助。

这篇关于Angularjs - 授权头在Safari中未添加的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！