AngularJS CORS请求自定义页眉 [英] AngularJS CORS request custom header
问题描述
我有我与AngularJS联合服务器上启用了麻烦CORS。我使用的角度1.2.16,这是我的服务器配置:
I'm having trouble getting CORS enabled on my server in combination with AngularJS. I'm using Angular 1.2.16 and this is my server config:
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Headers "Content-Type, X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Date, X-Api-Version, X-File-Name, Authorization"
Header set Access-Control-Allow-Methods "POST, GET, PUT, DELETE, OPTIONS"
Header set Access-Control-Allow-Credentials "true"
我可以使用以下请求:
I can use the following request:
$http.post(configuration.authUrl, {username: 'username', password: 'password'})
.success(function (data) {
$cookieStore.put(configuration.sessionName, {
token: data.authenticationToken,
user: data.user
});
})
.error(function () {}));
因为这个请求不使用自定义标题。
since this request doesn't use a custom header.
当我后来尝试请求如下: Balance.get()
与其余为:
When I afterwards try to request the following:
Balance.get()
with Balance being:
angular.module('portalApp')
.factory('Balance', ['$resource', 'Auth', 'configuration', function ($resource, Auth, configuration) {
return $resource(configuration.balanceUrl, {}, {
get: {
method: 'GET',
isArray: false,
headers: {
Authorization: Auth.getAuthToken()
}
}
});
}]);
我收到了 401未授权
的balanceUrl。
I get a 401 Unauthorized
on the balanceUrl.
在配置我已经把:
$httpProvider.defaults.useXDomain = true;
delete $httpProvider.defaults.headers.common['X-Requested-With'];
我甚至试图把 $ http.defaults.headers.common.Authorization = Auth.getAuthToken();
的 $资源之前
在余额
资源工厂,但没有帮助。
I even tried putting $http.defaults.headers.common.Authorization = Auth.getAuthToken();
before the $resource
in the Balance
resource factory but that didn't help.
的头被发送到preflight 选项
的请求没有授权
头,无不管我用什么方法。这些都是preflight的请求头选项
请求。
The headers being sent to the preflight OPTIONS
request don't have the Authorization
header, no matter what method I use. These are the request headers of the preflight OPTIONS
request.
OPTIONS /api/v1.0/user/orders HTTP/1.1
Host: host
Connection: keep-alive
Cache-Control: no-cache
Access-Control-Request-Method: GET
Pragma: no-cache
Origin: origin
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Access-Control-Request-Headers: accept, authorization
Accept: */*
Referer: referer
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
有什么建议?
推荐答案
经过大量的研究,我发现因为AngularJS或Apache配置的问题没有发生。这是在后端服务器应用程序(Java)的一个问题。的URL被限制为所有的HTTP方法,所以当AngularJS要执行preflight 选项
请求,访问被拒绝和 401
返回。
After much research I found out the problem wasn't occurring because of the AngularJS or Apache configuration. It was a problem in the backend server app (Java). The urls were restricted for all HTTP methods, so when AngularJS wants to execute the preflight OPTIONS
request, the access was denied and a 401
was returned.
这是固定做:
if(!authenticationService.isTokenValid(glueToken) && !((HttpServletRequest)servletRequest).getMethod().equals(HttpMethod.OPTIONS.toString()) ){
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
} else {
filterChain.doFilter(servletRequest, servletResponse);
}
在代替:
if(!authenticationService.isTokenValid(glueToken)){
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
} else {
filterChain.doFilter(servletRequest, servletResponse);
}
这篇关于AngularJS CORS请求自定义页眉的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!