'请求头字段授权不允许'错误 - Tastypie [英] 'Request header field Authorization is not allowed' error - Tastypie
问题描述
XMLHttpRequest无法加载http://domain.com/api/v1/item/?format=json&username=popo&api_key=b83d21e2f8bd4952a53d0ce12a2314c0ffa031b1。请求头字段Access-Control-Allow-Headers不允许授权。
有关如何解决这个问题的任何想法?
以下是Chrome的请求标题:
请求头文件视图源
接受:* / *
Accept-Charset:
ISO-8859-1,utf-8; q = 0.7,*; q = 0.3
接受编码:gzip,deflate,sdch
接受语言:en-US,en; q = 0.8
访问控制请求标头:
起源,授权,访问控制允许起始,accept,access-control-allow-headers
访问控制请求方法:
GET
以下是Chrome的响应标题:
响应Headersview源
pre>
访问控制 - 允许标题:
源,内容类型,接受,授权
访问控制允许方法:
POST,GET,OPTIONS, PUT,DELETE
访问控制允许原产地:*
连接:保持活着
内容长度:0
内容类型:
text / html; charset = utf-8
日期:2012年5月11日,星期五21:38:35 GMT
服务器:nginx
如您所见,他们都有授权标题,但授权不起作用。
是我用来编辑响应头的django中间件:
https://gist.github.com / 1164697
编辑:
我想出了问题。我试图连接到www.domain.com,它只接受domain.com解决方案这是因为同源政策。
您需要请求来自同一个域的AJAX调用。或者进行服务器端更改,允许来自外部域的请求。
要解决此问题,您需要在 http://domain.com ,允许您的外部域名在标题中:
访问控制允许原点:*
阅读更多
I am getting the following error while using ApiKeyAuthentication for my Tastypie resources when I try to do an HTTP request using AJAX and Tastypie:
XMLHttpRequest cannot load http://domain.com/api/v1/item/?format=json&username=popo&api_key=b83d21e2f8bd4952a53d0ce12a2314c0ffa031b1. Request header field Authorization is not allowed by Access-Control-Allow-Headers.
Any ideas on how to solve this?
Here are the request headers from Chrome:
Request Headersview source Accept:*/* Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Accept-Encoding:gzip,deflate,sdch Accept-Language:en-US,en;q=0.8 Access-Control-Request-Headers: origin, authorization, access-control-allow-origin, accept, access-control-allow-headers Access-Control-Request-Method: GET
Here are the response headers from Chrome:
Response Headersview source Access-Control-Allow-Headers: Origin,Content-Type,Accept,Authorization Access-Control-Allow-Methods: POST,GET,OPTIONS,PUT,DELETE Access-Control-Allow-Origin:* Connection:keep-alive Content-Length:0 Content-Type: text/html; charset=utf-8 Date:Fri, 11 May 2012 21:38:35 GMT Server:nginx
As you can see, they both have headers for Authorization, yet authorization does not work.
Here is the django middleware that I am using to edit the response headers: https://gist.github.com/1164697
Edit: I figured out the problem. I was trying to connect to www.domain.com, and it only accepts domain.com
解决方案This happens because of Same origin policy.
You need to make AJAX call from same domain where request goes. Or make server-side changes, allowing requests from external domains.
To resolve this you need to make changes in headers at http://domain.com by allowing your external domain in headers:
Access-Control-Allow-Origin: *
Read more
这篇关于'请求头字段授权不允许'错误 - Tastypie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!