AngularJS CORS请求自定义页眉 [英] AngularJS CORS request custom header

问题描述

我有我与AngularJS联合服务器上启用了麻烦CORS。我使用的角度1.2.16，这是我的服务器配置：

I'm having trouble getting CORS enabled on my server in combination with AngularJS. I'm using Angular 1.2.16 and this is my server config:

Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Headers "Content-Type, X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Date, X-Api-Version, X-File-Name, Authorization"
Header set Access-Control-Allow-Methods "POST, GET, PUT, DELETE, OPTIONS"
Header set Access-Control-Allow-Credentials "true"

我可以使用以下请求：

I can use the following request:

$http.post(configuration.authUrl, {username: 'username', password: 'password'})
    .success(function (data) {
         $cookieStore.put(configuration.sessionName, {
             token: data.authenticationToken,
              user: data.user
         });
    })
    .error(function () {}));

因为这个请求不使用自定义标题。

since this request doesn't use a custom header.

当我后来尝试请求如下：
Balance.get（）与其余为：

When I afterwards try to request the following: Balance.get() with Balance being:

angular.module('portalApp')
    .factory('Balance', ['$resource', 'Auth', 'configuration', function ($resource, Auth, configuration) {
        return $resource(configuration.balanceUrl, {}, {
            get: {
                method: 'GET',
                isArray: false,
                headers: {
                    Authorization: Auth.getAuthToken()
                }
            }
        });
    }]);

我收到了 401未授权的balanceUrl。

I get a 401 Unauthorized on the balanceUrl.

在配置我已经把：

$httpProvider.defaults.useXDomain = true;
delete $httpProvider.defaults.headers.common['X-Requested-With'];

我甚至试图把 $ http.defaults.headers.common.Authorization = Auth.getAuthToken（）; 的 $资源之前在余额资源工厂，但没有帮助。

I even tried putting $http.defaults.headers.common.Authorization = Auth.getAuthToken(); before the $resource in the Balance resource factory but that didn't help.

的头被发送到preflight 选项的请求没有授权头，无不管我用什么方法。这些都是preflight的请求头选项请求。

The headers being sent to the preflight OPTIONS request don't have the Authorization header, no matter what method I use. These are the request headers of the preflight OPTIONS request.

OPTIONS /api/v1.0/user/orders HTTP/1.1
Host: host
Connection: keep-alive
Cache-Control: no-cache
Access-Control-Request-Method: GET
Pragma: no-cache
Origin: origin
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Access-Control-Request-Headers: accept, authorization
Accept: */*
Referer: referer
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8

有什么建议？

推荐答案

经过大量的研究，我发现因为AngularJS或Apache配置的问题没有发生。这是在后端服务器应用程序（Java）的一个问题。的URL被限制为所有的HTTP方法，所以当AngularJS要执行preflight 选项请求，访问被拒绝和 401 返回。

After much research I found out the problem wasn't occurring because of the AngularJS or Apache configuration. It was a problem in the backend server app (Java). The urls were restricted for all HTTP methods, so when AngularJS wants to execute the preflight OPTIONS request, the access was denied and a 401 was returned.

这是固定做：

if(!authenticationService.isTokenValid(glueToken) && !((HttpServletRequest)servletRequest).getMethod().equals(HttpMethod.OPTIONS.toString()) ){
  response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
} else {
  filterChain.doFilter(servletRequest, servletResponse);
}

在代替：

if(!authenticationService.isTokenValid(glueToken)){
  response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
} else {
  filterChain.doFilter(servletRequest, servletResponse);
}

这篇关于AngularJS CORS请求自定义页眉的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！