'请求头字段授权不允许'错误 - Tastypie [英] 'Request header field Authorization is not allowed' error - Tastypie

问题描述

当我尝试使用AJAX和Tastypie执行HTTP请求时，我使用ApiKeyAuthentication来获取以下错误：

  XMLHttpRequest无法加载http://domain.com/api/v1/item/?format=json&username=popo&api_key=b83d21e2f8bd4952a53d0ce12a2314c0ffa031b1。请求头字段Access-Control-Allow-Headers不允许授权。 
  

有关如何解决这个问题的任何想法？

以下是Chrome的请求标题：

 请求头文件视图源
 
接受：* / * 
 Accept-Charset：
 ISO-8859-1，utf-8; q = 0.7，*; q = 0.3 
 
接受编码：gzip，deflate，sdch 
 
接受语言：en-US，en; q = 0.8 
 
访问控制请求标头：
起源，授权，访问控制允许起始，accept，access-control-allow-headers 
 
访问控制请求方法：
 GET 
  

以下是Chrome的响应标题：

 响应Headersview源
 
访问控制 - 允许标题：
源，内容类型，接受，授权
 
访问控制允许方法：
 POST，GET，OPTIONS， PUT，DELETE 
 
访问控制允许原产地：* 
 
连接：保持活着
 
内容长度：0 
内容类型：
 text / html; charset = utf-8 
 
日期：2012年5月11日，星期五21:38:35 GMT 
 
服务器：nginx 
  pre> 
 
 
如您所见，他们都有授权标题，但授权不起作用。
 
 
 
是我用来编辑响应头的django中间件：
  https://gist.github.com / 1164697  
 
 
 
编辑：
我想出了问题。我试图连接到www.domain.com，它只接受domain.com 
解决方案
这是因为同源政策。
 
 
 
您需要请求来自同一个域的AJAX调用。或者进行服务器端更改，允许来自外部域的请求。
 
 
 
要解决此问题，您需要在 http://domain.com ，允许您的外部域名在标题中：
 访问控制允许原点：* 
  
阅读更多 
 
I am getting the following error while using ApiKeyAuthentication for my Tastypie resources when I try to do an HTTP request using AJAX and Tastypie:
XMLHttpRequest cannot load http://domain.com/api/v1/item/?format=json&username=popo&api_key=b83d21e2f8bd4952a53d0ce12a2314c0ffa031b1. Request header field Authorization is not allowed by Access-Control-Allow-Headers.
Any ideas on how to solve this?

Here are the request headers from Chrome:
Request Headersview source

Accept:*/*
Accept-Charset:
ISO-8859-1,utf-8;q=0.7,*;q=0.3

Accept-Encoding:gzip,deflate,sdch

Accept-Language:en-US,en;q=0.8

Access-Control-Request-Headers:
origin, authorization, access-control-allow-origin, accept, access-control-allow-headers

Access-Control-Request-Method:
GET
Here are the response headers from Chrome:
Response Headersview source

Access-Control-Allow-Headers:
Origin,Content-Type,Accept,Authorization

Access-Control-Allow-Methods:
POST,GET,OPTIONS,PUT,DELETE

Access-Control-Allow-Origin:*

Connection:keep-alive

Content-Length:0
Content-Type:
text/html; charset=utf-8

Date:Fri, 11 May 2012 21:38:35 GMT

Server:nginx
As you can see, they both have headers for Authorization, yet authorization does not work.

Here is the django middleware that I am using to edit the response headers:
https://gist.github.com/1164697

Edit:
I figured out the problem. I was trying to connect to www.domain.com, and it only accepts domain.com
解决方案
This happens because of Same origin policy.

You need to make AJAX call from same domain where request goes. Or make server-side changes, allowing requests from external domains.

To resolve this you need to make changes in headers at http://domain.com by allowing your external domain in headers:
Access-Control-Allow-Origin: *
Read more

                        
这篇关于'请求头字段授权不允许'错误 -  Tastypie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！