Symfony2 JWT身份验证在飞行前返回404 [英] Symfony2 JWT Authentication Returning 404 on Preflight
问题描述
我刚刚实现了Symfony2 LexikJWTAuthenticationBundle ,当我尝试对用户进行身份验证时,我会保留得到以下响应,
I've just implemented the Symfony2 LexikJWTAuthenticationBundle, and when I attempt to authenticate a user, I keep getting the following response,
XMLHttpRequest cannot load http://api.example.trunk/api/login_check. Response for preflight has invalid HTTP status code 404
奇怪的是,该请求确实可以通过邮递员运行,并且我得到了令牌,所以我认为这可能与CORS有关?
What's weird, is that the request does work via Postman, and I get a token, so I'm thinking that this could have something to do with CORS?
老实说,我已经在谷歌上搜索并研究了我可能想到的每件事,但是我离弄清楚是什么原因引起的.
I have honestly googled and researched every possible thing I could think of, but I am no closer to figuring out what could be causing this.
security:
encoders:
User\UserBundle\Entity\User: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
database_users:
entity: { class: UserBundle:User }
in_memory:
memory:
users:
ryan:
password: ryanpass
roles: 'ROLE_USER'
admin:
password: kitten
roles: 'ROLE_ADMIN'
firewalls:
login:
pattern: ^/api/login
stateless: true
anonymous: true
form_login:
check_path: /api/login_check
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
require_previous_session: false
api:
pattern: ^/api
stateless: true
lexik_jwt: ~
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
access_control:
- { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
example.trunk.conf
<VirtualHost *:80>
ServerName api.example.trunk
DocumentRoot /Users/user/Sites/example/web
UseCanonicalName Off
ErrorLog "/Users/user/Sites/logs/example-error_log"
CustomLog "/Users/user/Sites/logs/example-access_log" common
DirectoryIndex app_dev.php
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Allow-Headers "x-requested-with, content-type, origin, authorization, accept, client-security-token"
Header always set Access-Control-Max-Age "1000"
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
<Directory "/Users/user/Sites/example/web">
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
请求/响应标题
General headers:
Request URL:http://api.example.trunk/api/login_check
Request Method:OPTIONS
Status Code:404 Not Found
Remote Address:127.0.0.1:80
Response headers:
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT
Access-Control-Allow-Headers: x-requested-with, content-type, origin,
authorization, accept, client-security-token
Access-Control-Max-Age: 1000
Cache-Control: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Request headers:
OPTIONS /api/login_check HTTP/1.1
Host: api.example.trunk
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: http://localhost:3000
Access-Control-Request-Headers: accept, content-type
Accept: */*
Referer: http://localhost:3000/
推荐答案
对于存在此问题的任何人,这是不推荐的解决方法,(我说不建议这样做,因为我相信必须有更好的解决方案)
For anyone out there having this problem, here is a NOT RECOMMENDED workaround, (I say not recommended because I believe there must be a better solution)
1.添加onKernelResponse事件监听器,并将$ filterResponseEvent传递给其参数
1. Add a onKernelResponse event listener and pass $filterResponseEvent to its arguments
2.当请求方法为OPTIONS
时,覆盖默认的标头状态代码:
2. Override the default header status code when the request method is OPTIONS
:
<?php
/**
* Created by PhpStorm.
* User: aien
* Date: 8/19/16
* Time: 1:22 AM
*/
namespace Administration\SystemBundle\EventListener;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
class ApiHeaderListener
{
public function onKernelResponse(FilterResponseEvent $filterResponseEvent)
{
$headers = $filterResponseEvent->getResponse()->headers;
if ($filterResponseEvent->getRequest()->getMethod() == 'OPTIONS')
{
$res = $filterResponseEvent->getResponse();
$res->setStatusCode(200);
$filterResponseEvent->setResponse($res);
}
$headers->set('Access-Control-Allow-Origin', '*');
$headers->set('Access-Control-Allow-Methods', 'POST, GET, PUT, DELETE, PATCH, OPTIONS');
$headers->set('Access-Control-Allow-Headers', 'X-Requested-With, origin, content-type, accept');
}
}
这篇关于Symfony2 JWT身份验证在飞行前返回404的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!