Angular 2 http未设置标头 [英] Angular 2 http not setting header

问题描述

我正在设置我的标头和http调用，如下所示：

I'm setting my header and http call like this:

 var headers = new Headers();
headers.set('Authorization','Bearer xxxxxxxxxxx'); 

this.http.get('http://localhost:8080/outputEndpoints', {
  headers: headers
}).
map(res => res.text())

.subscribe(
  data=> console.log(data),
  error=> console.log("Getting Error") 
);

有了这个，我预计标题是：

With this I'm expected the header to be:

Accept:*/*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:es,ca;q=0.8,en-GB;q=0.6,en;q=0.4,fr;q=0.2
Access-Control-Request-Headers:authorization, content-type
Authorization: "Bearer xxxxxxxxxxxx"
Access-Control-Request-Method:GET
Connection:keep-alive
Host:localhost:8080
Origin:http://localhost:3000
 Referer:http://localhost:3000/
 User-Agent:Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36    (KHTML,    like Gecko) Chrome/56.0.2924.87 Safari/537.36

相反，我得到以下内容（没有使用令牌授权）：

Instead I'm getting the following (no Authorization with the token):

Accept:*/*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:es,ca;q=0.8,en-GB;q=0.6,en;q=0.4,fr;q=0.2
Access-Control-Request-Headers:authorization, content-type
Access-Control-Request-Method:GET
Connection:keep-alive
Host:localhost:8080
Origin:http://localhost:3000
Referer:http://localhost:3000/
User-Agent:Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36   (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

编辑：

一般信息是：

Request URL:http://localhost:8080/outputEndpoints
Request Method:OPTIONS
Status Code:401 
Remote Address:[::1]:8080

因此OPTIONS调用失败。在其他应用程序中，一旦OPTIONS调用被接受，它就会发出GET请求，您可以在其中找到已设置的身份验证令牌。这意味着由于某种原因，OPTION调用它不被接受。

So the OPTIONS call is failing. In other apps, once the OPTIONS call is accepted it makes the GET request in where you can find the Authentication token setted. That means that for some reason the OPTION call it's not being accepted.

使用CURL或SOAP UI进行调用时工作正常所以我认为这不是CORS的问题。我是对的？

When making calls with CURL or SOAP UI it works fine so I presume that it's not a problem with CORS. I'am right?

任何想法或指南都会非常有用。

Any idea or guide would be really helpful.

推荐答案

遵循本指南 http：// restlet。 com / blog / 2015/12/15 / understand-and-using-cors / 您可以阅读以下内容：

Following this guide http://restlet.com/blog/2015/12/15/understanding-and-using-cors/ you can read the following:

一个重要的评论。您必须考虑到，当执行包含安全性的
CORS请求（即授权标头）时，
OPTIONS请求将不包含它。因此，在处理预检的第一个OPTIONS请求时，您需要小心
安全性。
事实上，在
级别无法进行身份验证检查。

An important comment. You must take into account that, when executing CORS request containing security, i.e. an Authorization header, the OPTIONS request won’t contain it. So you need to be careful regarding security when handling the first OPTIONS requests of preflighted ones. As a matter of fact, no authentication check can be done at this level.

所以有第一个OPTION调用中没有Authorization标头。

So there is no Authorization header in the first OPTION call.

这篇关于Angular 2 http未设置标头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！