Reading Authorization header for JWT Token using Laravel 5, CORS, and JWTAuth
Problem description
I'm having a really hard time figuring this out. I am using JWTAuth on my Laravel 5 API and I'm having a problem with the token being read. This is what I know and tried:
I have set my CORS configuration to allow all headers for my API path:
    return array(
        'defaults' => array(
            'supportsCredentials' => false,
            'allowedOrigins' => array(),
            'allowedHeaders' => array(),
            'allowedMethods' => array(),
            'exposedHeaders' => array(),
            'maxAge' => 0,
            'hosts' => array(),
        ),
        'paths' => array(
            'api/*' => array(
                'allowedOrigins' => array('*'),
                'allowedHeaders' => array('*'),
                'allowedMethods' => array('*'),
                'maxAge' => 3600,
            ),
            '*' => array(
                'allowedOrigins' => array('*'),
                'allowedHeaders' => array('Content-Type'),
                'allowedMethods' => array('POST', 'PUT', 'GET', 'DELETE'),
                'maxAge' => 3600,
                'hosts' => array('api.*'),
            ),
        ),
    );
I have added the following to Apache's sites-enabled conf file:
    RewriteEngine On
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
And I can see in Chrome tools that headers are being passed back with the correct token and in the correct format: Authorization : Bearer tokenstring
Can anyone see what I may be doing wrong? Does anyone know of issues with this?
Recommended answer
I see where my issue is. According to the documentation on the JWTAuth Github page:
Note to Apache users
Apache seems to discard the Authorization header if it is not a base64 encoded user/pass combo. So to fix this you can add the following to your apache config
    RewriteEngine On
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
I thought apache config meant the 000-default.conf file. I was in error. In fact this was supposed to be done in the .htaccess file. Once done... POOF, everything works!
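As an added example (not part of the original question or answer, and not JWTAuth's own code): a PHP helper for checking whether the bearer token actually reaches PHP once the rewrite rule is in place, and under which server variable. The function name `resolveBearerToken` and the sample arrays are assumptions made for illustration; `REDIRECT_HTTP_AUTHORIZATION` is the name Apache gives a rewrite-set variable after an internal redirect.

```php
<?php
// Added example: locate the bearer token in the server variables PHP receives.
// resolveBearerToken() is a hypothetical helper, not part of Laravel or JWTAuth.

/**
 * @param array $server  Normally $_SERVER.
 * @param array $headers Normally the result of apache_request_headers(), or [].
 * @return array{source: ?string, token: ?string}
 */
function resolveBearerToken(array $server, array $headers = []): array
{
    // Candidate locations, in the order they are checked.
    $candidates = [
        'HTTP_AUTHORIZATION'          => $server['HTTP_AUTHORIZATION'] ?? null,
        // Set when the rewrite rule's env variable passes through an internal redirect.
        'REDIRECT_HTTP_AUTHORIZATION' => $server['REDIRECT_HTTP_AUTHORIZATION'] ?? null,
    ];
    // Header names are case-insensitive, so compare without regard to case.
    foreach ($headers as $name => $value) {
        if (strcasecmp((string) $name, 'Authorization') === 0) {
            $candidates['apache_request_headers'] = $value;
        }
    }

    foreach ($candidates as $source => $value) {
        // Accept only "Bearer <token>"; Basic credentials and empty values are skipped.
        if (is_string($value) && preg_match('/^Bearer\s+(\S+)$/i', trim($value), $m)) {
            return ['source' => $source, 'token' => $m[1]];
        }
    }
    return ['source' => null, 'token' => null];
}

// Constructed sample inputs (not captured from a real server).
$samples = [
    'no Authorization variable' => ['REQUEST_METHOD' => 'GET'],
    'rewrite rule applied'      => ['HTTP_AUTHORIZATION' => 'Bearer tokenstring'],
    'after internal redirect'   => ['REDIRECT_HTTP_AUTHORIZATION' => 'Bearer tokenstring'],
    'Basic credentials only'    => ['HTTP_AUTHORIZATION' => 'Basic dXNlcjpwYXNz'],
];
foreach ($samples as $label => $server) {
    $found = resolveBearerToken($server);
    // Report only where the token was found; the token itself is never printed.
    printf("%-27s source=%s\n", $label, $found['source'] ?? 'none');
}
```

In a live request the call would be `resolveBearerToken($_SERVER, function_exists('apache_request_headers') ? apache_request_headers() : [])`; a `source` of `none` means the header never reached PHP.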