'Request header field Authorization is not allowed' error - Tastypie
Problem description
I am getting the following error while using ApiKeyAuthentication for my Tastypie resources when I try to do an HTTP request using AJAX and Tastypie:
XMLHttpRequest cannot load http://domain.com/api/v1/item/?format=json&username=popo&api_key=b83d21e2f8bd4952a53d0ce12a2314c0ffa031b1. Request header field Authorization is not allowed by Access-Control-Allow-Headers.
Any ideas on how to solve this?
Here are the request headers from Chrome:
Request Headers
Accept: */*
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Access-Control-Request-Headers: origin, authorization, access-control-allow-origin, accept, access-control-allow-headers
Access-Control-Request-Method: GET
Here are the response headers from Chrome:
Response Headers
Access-Control-Allow-Headers: Origin,Content-Type,Accept,Authorization
Access-Control-Allow-Methods: POST,GET,OPTIONS,PUT,DELETE
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=utf-8
Date: Fri, 11 May 2012 21:38:35 GMT
Server: nginx
As you can see, they both have headers for Authorization, yet authorization does not work.
Here is the django middleware that I am using to edit the response headers: https://gist.github.com/1164697
Edit:
I figured out the problem. I was trying to connect to www.domain.com, and it only accepts domain.com.
Recommended answer
This is because of the same-origin policy.
You need to make the AJAX call from the same domain where the request goes. Or make server-side changes, allowing requests from external domains.
To resolve this you need to make changes in headers at http://domain.com by allowing your external domain in headers:
Access-Control-Allow-Origin: *
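A simplified model of the check a browser runs on a preflight response, applied to the headers captured in the question. This is an added example, not code from the original post or from Tastypie; `preflight_problems` and the origin `http://client.example` are hypothetical. The model ignores safelisted methods and wildcard header rules.

```python
# Added example: simplified model of the browser's CORS preflight comparison.

def parse_list(value):
    """Split a comma-separated header value into lower-cased names."""
    return [v.strip().lower() for v in value.split(",") if v.strip()]


def preflight_problems(request, response, origin):
    """Return the reasons a preflight would be rejected (empty list = pass)."""
    problems = []

    allow_origin = response.get("Access-Control-Allow-Origin", "")
    # Origins are compared as exact strings: scheme, host and port must match,
    # so http://www.domain.com is a different origin from http://domain.com.
    if allow_origin not in ("*", origin):
        problems.append("origin %s not allowed" % origin)

    method = request.get("Access-Control-Request-Method", "").lower()
    if method not in parse_list(response.get("Access-Control-Allow-Methods", "")):
        problems.append("method %s not allowed" % method.upper())

    allowed = parse_list(response.get("Access-Control-Allow-Headers", ""))
    for name in parse_list(request.get("Access-Control-Request-Headers", "")):
        # Header names are case-insensitive: "authorization" == "Authorization".
        if name not in allowed:
            problems.append("header %s not allowed" % name)
    return problems


# Header values copied from the question's Chrome capture.
REQUEST = {
    "Access-Control-Request-Method": "GET",
    "Access-Control-Request-Headers":
        "origin, authorization, access-control-allow-origin, accept, "
        "access-control-allow-headers",
}
RESPONSE = {
    "Access-Control-Allow-Headers": "Origin,Content-Type,Accept,Authorization",
    "Access-Control-Allow-Methods": "POST,GET,OPTIONS,PUT,DELETE",
    "Access-Control-Allow-Origin": "*",
}

if __name__ == "__main__":
    # http://client.example is a constructed origin for the calling page.
    for problem in preflight_problems(REQUEST, RESPONSE, "http://client.example"):
        print(problem)
```

On the captured headers, `authorization` matches; the names the model flags are `access-control-allow-origin` and `access-control-allow-headers`, which are response headers that the client listed as request headers.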