Rest API call with api_key in header fails if nginx is proxying moqui application
Problem description
When moqui is run on port 8080 and accessed directly by API
curl -X GET -H "api_key: {apiKey}" http://localhost:8080/rest/s1/example/examples/TEST2
it returns the JSON result of example TEST2.
But when nginx is put in front of the moqui application, proxying to http://localhost:8080, the API access fails with 403
{
"errorCode": 403,
"errors": "User null is not authorized for View on REST Path /example/examples/{exampleId}\nCurrent artifact info: [name:'/example/examples/{exampleId}', type:'AT_REST_PATH', action:'AUTHZA_VIEW', required: true, granted:false, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]\nCurrent artifact stack:\n[name:'/example/examples', type:'AT_REST_PATH', action:'AUTHZA_VIEW', required: false, granted:null, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]\n[name:'/example', type:'AT_REST_PATH', action:'AUTHZA_VIEW', required: false, granted:null, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]\n[name:'component://webroot/screen/webroot/rest.xml/s1', type:'AT_XML_SCREEN_TRANS', action:'AUTHZA_VIEW', required: false, granted:null, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]\n[name:'component://webroot/screen/webroot/rest.xml', type:'AT_XML_SCREEN', action:'AUTHZA_VIEW', required: false, granted:null, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]\n[name:'component://webroot/screen/webroot.xml', type:'AT_XML_SCREEN', action:'AUTHZA_VIEW', required: false, granted:null, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]"
}
It appears webFacade does not initialize userFacade by api_key successfully, since the user in the errors is null.
Recommended answer
Nginx disallows underscores (_) in header names by default. The Moqui API uses api_key or login_key, which contain an underscore, so the api_key or login_key header is not passed to the backend moqui application.
Enabling underscores in header names in nginx is simple: add
underscores_in_headers on;
in the http or server directive in the nginx configuration.
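One way to confirm this diagnosis from the nginx side, as an added example that is not part of the original answer: when nginx discards a header it logs "client sent invalid header line" at info level (visible only if error_log is set to info), and that line includes the header value. The log lines below are constructed samples, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample lines in nginx error_log format (info level); not from the page.
SAMPLE_LOG = '''\
2024/05/01 10:00:01 [info] 2101#2101: *7 client sent invalid header line: "api_key: EXAMPLE-KEY-1" while reading client request headers, client: 127.0.0.1, server: localhost, request: "GET /rest/s1/example/examples/TEST2 HTTP/1.1", host: "localhost"
2024/05/01 10:00:05 [info] 2101#2101: *9 client sent invalid header line: "login_key: EXAMPLE-KEY-2" while reading client request headers, client: 127.0.0.1, server: localhost, request: "GET /rest/s1/example/examples/TEST2 HTTP/1.1", host: "localhost"
2024/05/01 10:00:09 [error] 2101#2101: *11 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: localhost, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "localhost"
'''

# Matches the message nginx writes when it ignores a header it considers invalid.
INVALID = re.compile(
    r'client sent invalid header line: "(?P<name>[^:"]+):.*?" while reading '
    r'.*?request: "(?P<request>[^"]*)"'
)
# Used to mask the header value, which nginx writes to the log in full.
VALUE = re.compile(r'(client sent invalid header line: "[^:"]+:).*?(" while reading )')


def dropped_headers(log_text):
    """Return (header_name, request_line) for every header nginx discarded."""
    hits = []
    for line in log_text.splitlines():
        m = INVALID.search(line)
        if m:
            hits.append((m.group("name").strip(), m.group("request")))
    return hits


def summarize(log_text):
    """Count discarded headers by name; names with '_' point at underscores_in_headers."""
    return Counter(name for name, _ in dropped_headers(log_text))


def redact(line):
    """Mask the logged header value so API keys do not spread with shared logs."""
    return VALUE.sub(r"\1 [REDACTED]\2", line)


if __name__ == "__main__":
    for name, count in summarize(SAMPLE_LOG).items():
        print(f"{name}: dropped {count} time(s)")
    for line in SAMPLE_LOG.splitlines():
        print(redact(line))
```

Because the discarded api_key or login_key value is written to the error log verbatim, treat info-level nginx logs from an affected period as containing credentials.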