请求标头不是从Service Worker发送的 [英] Request headers not sent from Service Worker
问题描述
我正在尝试从服务工作者处获取Web服务。此服务是使用基本Apache身份验证保护的JSP,因此我必须提供凭据以在请求标头中进行身份验证。以下请求在主窗口中工作正常:
I'm trying to fetch a web service from a Service Worker. This service is a JSP secured with basic Apache authentication, so I must provide the credentials to authenticate in the request headers. The following request works just fine from the main window:
self.addEventListener('push', function(event) {
console.log('Received a push message', event);
event.waitUntil(
fetch(ONLINE_SITE_ENDPOINT, {
method: 'GET',
mode: 'cors',
headers: {
'Accept': 'application/json',
'Authorization': 'Basic btoa(auth info)'
}
}).then(function(response) {
//process response
}).catch(function(err) {
})
);
});
该代码进入一个event.waitUntil()范围,进入一个从'push'调用的函数事件监听器。但是,同样的确切调用失败了401(未授权)。开发人员工具中的网络面板显示未发送标头:
That code is into an event.waitUntil() scope, into a function called from a 'push' event listener. However, the same exact call fails with a 401 (Unauthorized). The Network panel from the developer tools shows the headers are not being sent:
OPTIONS /latest-new.jsp HTTP/1.1
Host: {an accessible host}
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: http://localhost
User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36
Access-Control-Request-Headers: accept, authorization
Accept: */*
Referer: http://localhost/service-worker.js
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
这里有什么遗漏?或者它只是无法从服务工作者那里实现?
Is there something missing here? or it just can't be achieved from a Service Worker?
一些额外的信息:因为服务工作者范围内的未定义而无法使用XMLHttpRequest 。
检索JSON之前JSP上的标头:
Some extra info: just can't use XMLHttpRequest since it is 'Not defined' on the service worker scope. The headers on the JSP before retrieving the JSON:
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
UPDATE:肯定会有来自服务工作者的身份验证标题,因为对非安全URL的请求不会失败。没有Apache授权的相同服务按预期工作。
UPDATE: definitely there is something with the authentication headers from the service workers, since the requests to non-secured URLs does not fails. The same service without Apache authorization works as expected.
推荐答案
您应该设置为允许的标题接受和授权
You should set as allowed headers also accept and authorization
response.setHeader(
"Access-Control-Allow-Headers",
"x-requested-with, accept, authorization"
);
OPTIONS请求的响应体也应为空(确实没有必要,但是在这样的响应中没有用于身体的用例)和内容长度:
应为0(零)
also body of the response for "OPTIONS" request should be empty (it is not necessary indeed, but there is no use case for body in such response) and Content-length:
should be 0 (zero)
请注意,此请求不应传递给应用程序(您可以,但不需要)
Please note, that this request should not be passed to application (you can, but not need)
这篇关于请求标头不是从Service Worker发送的的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!