如果Nginx正在代理Moqui应用程序，则标头中具有api_key的Rest API调用将失败 [英] Rest API call with api_key in header fails if nginx is proxying moqui application

问题描述

在8080端口上运行moqui并通过api直接访问

When run moqui on 8080 port, and access it directly by api

curl -X GET -H "api_key: {apiKey}" http://localhost:8080/rest/s1/example/examples/TEST2

它返回示例TEST2的json结果.

it returns json result of example TEST2.

但是当nginx放在mqoui应用程序的前面时.代理到 http://localhost:8080 ，则api访问将失败，并显示403

But when nginx is put in front of mqoui application. proxy to http://localhost:8080, then the api access fails with 403

{
  "errorCode": 403,
  "errors": "User null is not authorized for View on REST Path /example/examples/{exampleId}\nCurrent artifact info: [name:'/example/examples/{exampleId}', type:'AT_REST_PATH', action:'AUTHZA_VIEW', required: true, granted:false, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]\nCurrent artifact stack:\n[name:'/example/examples', type:'AT_REST_PATH', action:'AUTHZA_VIEW', required: false, granted:null, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]\n[name:'/example', type:'AT_REST_PATH', action:'AUTHZA_VIEW', required: false, granted:null, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]\n[name:'component://webroot/screen/webroot/rest.xml/s1', type:'AT_XML_SCREEN_TRANS', action:'AUTHZA_VIEW', required: false, granted:null, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]\n[name:'component://webroot/screen/webroot/rest.xml', type:'AT_XML_SCREEN', action:'AUTHZA_VIEW', required: false, granted:null, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]\n[name:'component://webroot/screen/webroot.xml', type:'AT_XML_SCREEN', action:'AUTHZA_VIEW', required: false, granted:null, user:'null', authz:'null', authAction:'null', inheritable:false, runningTime:0]"
}

看来webFacade无法通过api_key成功初始化userFacade，因为错误的用户为null.

It appears webFacade does not initialize userFacade by api_key successfully, since in errors user is null.

推荐答案

默认情况下，Nginx禁止在标题名称中使用下划线_. Moqui api使用包含下划线的api_key或login_key，因此api_key或login_key标头不会传递给后端moqui应用程序.

Nginx disallows underscore _ in the header name by default. Moqui api use api_key or login_key that contains underscore, so the api_key or login_key header is not passed to backend moqui application.

在nginx中的标题名称中启用下划线很简单，添加

Enable underscore in header name in nginx is simple, add

underscores_in_headers on;

http或nginx配置中的服务器指令中的

.

in http or server directive in nginx configuration.

这篇关于如果Nginx正在代理Moqui应用程序，则标头中具有api_key的Rest API调用将失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！