将Chase Express.js 4的res.status(401)重定向到 [英] Chaining Express.js 4's res.status(401) to a redirect
问题描述
如果请求的用户未通过身份验证,我想发送一个401的回复代码,但是当请求是HTML请求时,我也想重定向。我发现Express 4不允许这样做:
I'd like to send a response code of 401 if the requesting user is not authenticated, but I'd also like to redirect when the request was an HTML request. I've been finding that Express 4 doesn't allow this:
res.status(401).redirect('/login')
有谁知道处理这个的方法吗?这可能不是Express的限制,因为我要求基本上通过两个标题,但是我不明白为什么会这样。我应该能够传递一个未认证的响应,并重定向所有用户一次。
Does anyone know of a way to handle this? This might not be a limitation of Express, since I'm asking to essentially pass two headers, but I don't see why that should be the case. I should be able to pass a "not authenticated" response and redirect the user all in one go.
推荐答案
有一些微妙的与发送新位置标题的方法不同。
There are some subtle diferences with the methods for sending back a new location header.
使用 重定向 :
app.get('/foobar', function (req, res) {
res.redirect(401, '/foo');
});
// Responds with
HTTP/1.1 401 Unauthorized
X-Powered-By: Express
Location: /foo
Vary: Accept
Content-Type: text/plain; charset=utf-8
Content-Length: 33
Date: Tue, 07 Apr 2015 01:25:17 GMT
Connection: keep-alive
Unauthorized. Redirecting to /foo
app.get('/foobar', function (req, res) {
res.status(401).location('/foo').end();
});
// Responds with
HTTP/1.1 401 Unauthorized
X-Powered-By: Express
Location: /foo
Date: Tue, 07 Apr 2015 01:30:45 GMT
Connection: keep-alive
Transfer-Encoding: chunked
使用 redirect 的原始(不正确)方法:
With the original (incorrect) approach using redirect:
app.get('/foobar', function (req, res) {
res.status(401).redirect('/foo')();
});
// Responds with
HTTP/1.1 302 Moved Temporarily
X-Powered-By: Express
Location: /foo
Vary: Accept
Content-Type: text/plain; charset=utf-8
Content-Length: 38
Date: Tue, 07 Apr 2015 01:26:38 GMT
Connection: keep-alive
Moved Temporarily. Redirecting to /foo
所以它看起来像 redirect 将放弃任何以前的状态代码并发送默认值(除非在方法调用中指定)。由于使用Express中的中间件,这是有道理的。如果您有一些全局中间件对所有请求进行预检(例如检查正确的接受头等),他们将不知道重定向请求。然而,认证中间件将会因此知道覆盖任何以前的设置来正确设置它们。
So it looks like redirect will abandon any previous status codes and send the default value (unless specified inside the method call). This makes sense due to the use of middleware within Express. If you had some global middleware doing pre-checks on all requests (like checking for the correct accepts headers, etc.) they wouldn't know to redirect a request. However the authentication middleware would and thus it would know to override any previous settings to set them correctly.
更新:正如下面的评论所述,尽管Express可以发送具有位置标题的4XX状态代码并不意味着客户端可以根据规格了解请求的可接受响应。事实上,大多数人会忽略位置标题,除非状态代码是3XX值。
UPDATE: As stated in the comments below that even though Express can send a 4XX status code with a Location header does not mean it is an acceptable response for a request client to understand according to the specs. In fact most will ignore the Location header unless the status code is a 3XX value.
这篇关于将Chase Express.js 4的res.status(401)重定向到的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
