请求标头不是从Service Worker发送的 [英] Request headers not sent from Service Worker

问题描述

我正在尝试从服务工作者处获取Web服务。此服务是使用基本Apache身份验证保护的JSP，因此我必须提供凭据以在请求标头中进行身份验证。以下请求在主窗口中工作正常：

I'm trying to fetch a web service from a Service Worker. This service is a JSP secured with basic Apache authentication, so I must provide the credentials to authenticate in the request headers. The following request works just fine from the main window:

self.addEventListener('push', function(event) {
  console.log('Received a push message', event);

  event.waitUntil(
    fetch(ONLINE_SITE_ENDPOINT, {
    method: 'GET',
    mode: 'cors',
    headers: {
        'Accept': 'application/json',
        'Authorization': 'Basic btoa(auth info)'
    }
    }).then(function(response) {
        //process response
    }).catch(function(err) {

    })
  );
});

该代码进入一个event.waitUntil（）范围，进入一个从'push'调用的函数事件监听器。但是，同样的确切调用失败了401（未授权）。开发人员工具中的网络面板显示未发送标头：

That code is into an event.waitUntil() scope, into a function called from a 'push' event listener. However, the same exact call fails with a 401 (Unauthorized). The Network panel from the developer tools shows the headers are not being sent:

OPTIONS /latest-new.jsp HTTP/1.1
Host: {an accessible host}
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: http://localhost
User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36
Access-Control-Request-Headers: accept, authorization
Accept: */*
Referer: http://localhost/service-worker.js
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

这里有什么遗漏？或者它只是无法从服务工作者那里实现？

Is there something missing here? or it just can't be achieved from a Service Worker?

一些额外的信息：因为服务工作者范围内的未定义而无法使用XMLHttpRequest 。
检索JSON之前JSP上的标头：

Some extra info: just can't use XMLHttpRequest since it is 'Not defined' on the service worker scope. The headers on the JSP before retrieving the JSON:

response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with");

UPDATE：肯定会有来自服务工作者的身份验证标题，因为对非安全URL的请求不会失败。没有Apache授权的相同服务按预期工作。

UPDATE: definitely there is something with the authentication headers from the service workers, since the requests to non-secured URLs does not fails. The same service without Apache authorization works as expected.

推荐答案

您应该设置为允许的标题接受和授权

You should set as allowed headers also accept and authorization

response.setHeader(
  "Access-Control-Allow-Headers", 
  "x-requested-with, accept, authorization"
);

OPTIONS请求的响应体也应为空（确实没有必要，但是在这样的响应中没有用于身体的用例）和内容长度：应为0（零）

also body of the response for "OPTIONS" request should be empty (it is not necessary indeed, but there is no use case for body in such response) and Content-length: should be 0 (zero)

请注意，此请求不应传递给应用程序（您可以，但不需要）

Please note, that this request should not be passed to application (you can, but not need)

这篇关于请求标头不是从Service Worker发送的的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！