'Request header field Authorization is not allowed' error - Tastypie
Problem description
I am getting the following error while using ApiKeyAuthentication for my Tastypie resources when I try to do an HTTP request using AJAX and Tastypie:
XMLHttpRequest cannot load http://domain.com/api/v1/item/?format=json&username=popo&api_key=b83d21e2f8bd4952a53d0ce12a2314c0ffa031b1. Request header field Authorization is not allowed by Access-Control-Allow-Headers.
Any ideas on how to solve this?
Here are the request headers from Chrome:
Request Headers
Accept: */*
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Access-Control-Request-Headers: origin, authorization, access-control-allow-origin, accept, access-control-allow-headers
Access-Control-Request-Method: GET
Here are the response headers from Chrome:
Response Headers
Access-Control-Allow-Headers: Origin,Content-Type,Accept,Authorization
Access-Control-Allow-Methods: POST,GET,OPTIONS,PUT,DELETE
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=utf-8
Date: Fri, 11 May 2012 21:38:35 GMT
Server: nginx
As you can see, they both have headers for Authorization, yet authorization does not work.
Here is the Django middleware that I am using to edit the response headers: https://gist.github.com/1164697
I figured out the problem. I was trying to connect to www.domain.com, and it only accepts domain.com
Recommended answer
This happens because of the same-origin policy.
You need to make the AJAX call from the same domain the request goes to. Or make server-side changes, allowing requests from external domains.
To resolve this you need to make changes in headers at http://domain.com by allowing your external domain in headers:
Access-Control-Allow-Origin: *
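
The server-side change described in the answer, as an added example that is not part of the original post or the linked gist: a framework-independent sketch of the preflight decision, using an explicit origin allow-list instead of `*`. The origin value and both function names are assumptions made for illustration.

```python
# Added example: CORS preflight decision, independent of Django/Tastypie.
# ALLOWED_ORIGINS and both function names are assumptions for illustration.
ALLOWED_ORIGINS = {"https://app.example.com"}  # constructed value
ALLOWED_METHODS = {"GET", "POST", "PUT", "DELETE", "OPTIONS"}
ALLOWED_HEADERS = {"origin", "content-type", "accept", "authorization"}


def preflight_response(origin, request_method, request_headers):
    """Return the CORS headers for an OPTIONS preflight, or {} to refuse it.

    origin:          value of the Origin request header
    request_method:  value of Access-Control-Request-Method
    request_headers: raw value of Access-Control-Request-Headers
    """
    # Origins are compared as exact strings: scheme, host and port all count,
    # so "https://www.app.example.com" is a different origin.
    if origin not in ALLOWED_ORIGINS:
        return {}
    if request_method.upper() not in ALLOWED_METHODS:
        return {}
    # Header names are case-insensitive; every requested one must be allowed.
    wanted = {h.strip().lower() for h in request_headers.split(",") if h.strip()}
    if not wanted <= ALLOWED_HEADERS:
        return {}
    return {
        # Echo the single matching origin instead of "*".
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Methods": ", ".join(sorted(ALLOWED_METHODS)),
        "Access-Control-Allow-Headers": ", ".join(sorted(wanted)),
        # The response now depends on Origin, so caches must key on it.
        "Vary": "Origin",
    }


def rejected_headers(request_headers):
    """List requested header names the policy does not allow (for debugging)."""
    wanted = [h.strip().lower() for h in request_headers.split(",") if h.strip()]
    return [h for h in wanted if h not in ALLOWED_HEADERS]
```

Called with the Access-Control-Request-Headers value shown in the question, `rejected_headers` returns the two `access-control-*` names, which are response headers and are not in the allow-list the server returned.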