axios 删除方法给出 403 [英] axios delete method gives 403
问题描述
我正在从我的 node-js 应用程序调用 delete 方法.
<块引用>它在 Postman 上运行良好,但在调用此 API 时给了我 403来自代码.
以下是我的示例代码片段:
const instance = axios.create();instance.interceptors.request.use((config) => {config.baseURL = 'https://test-dev.com/api/portfolio'config.headers = { '授权' : 'Bearer' + }返回配置;});instance.delete('/admin?users=').then(function(response) {console.log("已删除:"+);}).catch(函数(错误){console.log("删除失败,错误:" + error);}); 响应(来自spring security APP):
<块引用>无法验证提供的 CSRF 令牌,因为未找到您的会话
我以为 axios 已经处理过了.
如何在调用 delete 方法时在标头中传递这个值?
有什么帮助吗?
您可以:
1 - 使用 withCredentials 属性:
withCredentials: true所以:
axios.delete({url: 'https://test-dev.com/api/portfolio/admin?users=' + ,标头:{'授权':'承载'+<令牌>},withCredentials: 真}).then(函数(响应){console.log("已删除:"+);}).catch(函数(错误){console.log("删除失败,错误:" + error);}); <块引用>
XMLHttpRequest.withCredentials 属性是一个布尔值指示是否应该跨站点访问控制请求使用 cookie、授权标头或 TLS 等凭据制作客户证书.设置 withCredentials 对同站请求.
2 - 设置 CSRF 标头
要么:
headers: {'X-Requested-With': 'XMLHttpRequest','X-CSRF-TOKEN' : document.querySelector('meta[name="csrf-token"]').getAttribute('content')}或
headers: {'X-Requested-With': 'XMLHttpRequest','X-CSRFToken': '你的令牌在这里'}或者只是:
headers: {'X-Requested-With': 'XMLHttpRequest'}3 - 在可能的情况下自担风险禁用
看看 这篇文章
I am calling delete method from my node-js application.
Its working fine from Postman but giving me 403 while calling this API from code.
Below is my sample code snippet:
const instance = axios.create();
instance.interceptors.request.use((config) => {
config.baseURL = 'https://test-dev.com/api/portfolio'
config.headers = { 'Authorization' : 'Bearer ' + <TOKEN>}
return config;
});
instance.delete('/admin?users=<VALUE>').then(function(response) {
console.log("Deleted: "+<VALUE>);
}).catch(function (error) {
console.log("Deletion failed with error:" + error);
});
EDIT:
Response (Coming from spring security APP):
Could not verify the provided CSRF token because your session was not found
I thought this is already handled by axios.
How can i pass this value in headers while calling delete method?
Any help?
You could either:
1 - Use the withCredentials property:
withCredentials: true
so:
axios.delete({
url: 'https://test-dev.com/api/portfolio/admin?users=' + <VALUE>,
headers: { 'Authorization' : 'Bearer ' + <TOKEN>},
withCredentials: true
}).then(function(response) {
console.log("Deleted: "+<VALUE>);
}).catch(function (error) {
console.log("Deletion failed with error:" + error);
});
The XMLHttpRequest.withCredentials property is a Boolean that indicates whether or not cross-site Access-Control requests should be made using credentials such as cookies, authorization headers or TLS client certificates. Setting withCredentials has no effect on same-site requests.
2 - Set CSRF headers
Either:
headers: {'X-Requested-With': 'XMLHttpRequest',
'X-CSRF-TOKEN' : document.querySelector('meta[name="csrf-token"]').getAttribute('content')}
or
headers: {'X-Requested-With': 'XMLHttpRequest',
'X-CSRFToken': 'your token here'}
or just:
headers: {'X-Requested-With': 'XMLHttpRequest'}
3 - Disable at own risk and if possible
Have a look at this article
这篇关于axios 删除方法给出 403的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
