“请求头字段授权不得”的错误 - Tastypie [英] 'Request header field Authorization is not allowed' error - Tastypie

问题描述

我在使用我的Tastypie资源ApiKeyAuthentication当我尝试做使用AJAX和Tastypie一个HTTP请求得到以下错误：

I am getting the following error while using ApiKeyAuthentication for my Tastypie resources when I try to do an HTTP request using AJAX and Tastypie:

XMLHttpRequest cannot load http://domain.com/api/v1/item/?format=json&username=popo&api_key=b83d21e2f8bd4952a53d0ce12a2314c0ffa031b1. Request header field Authorization is not allowed by Access-Control-Allow-Headers.

如何解决这个任何想法？

Any ideas on how to solve this?

下面是请求头从Chrome中：

Here are the request headers from Chrome:

Request Headersview source

Accept:*/*
Accept-Charset:
ISO-8859-1,utf-8;q=0.7,*;q=0.3

Accept-Encoding:gzip,deflate,sdch

Accept-Language:en-US,en;q=0.8

Access-Control-Request-Headers:
origin, authorization, access-control-allow-origin, accept, access-control-allow-headers

Access-Control-Request-Method:
GET

下面是响应头从Chrome中：

Here are the response headers from Chrome:

Response Headersview source

Access-Control-Allow-Headers:
Origin,Content-Type,Accept,Authorization

Access-Control-Allow-Methods:
POST,GET,OPTIONS,PUT,DELETE

Access-Control-Allow-Origin:*

Connection:keep-alive

Content-Length:0
Content-Type:
text/html; charset=utf-8

Date:Fri, 11 May 2012 21:38:35 GMT

Server:nginx

正如你所看到的，他们都有标题授权，但授权不工作。

As you can see, they both have headers for Authorization, yet authorization does not work.

下面是我使用编辑响应头Django的中间件：
https://gist.github.com/1164697

Here is the django middleware that I am using to edit the response headers: https://gist.github.com/1164697

编辑：
我想通了这个问题。我试图连接到www.domain.com，而且只接受domain.com

I figured out the problem. I was trying to connect to www.domain.com, and it only accepts domain.com

推荐答案

这是因为的同源策略。

您需要从同一个域使AJAX调用请求的地方去。或使服务器端更改，允许从外部域的请求。

You need to make AJAX call from same domain where request goes. Or make server-side changes, allowing requests from external domains.

要解决这个你需要允许外部域的头，使在 http://domain.com 在头部的变化：

To resolve this you need to make changes in headers at http://domain.com by allowing your external domain in headers:

Access-Control-Allow-Origin: *

这篇关于“请求头字段授权不得”的错误 - Tastypie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！