Https请求授权不通过Safari工作 [英] Https requests with Authorization not working via Safari
问题描述
上下文
使用Safari(IOS和MacOS)通过HTTPS授权标头(两者一起)的XHR请求无法到达服务器)。但它适用于IE,Chrome和Firefox。
XHR requests with Authorization header over HTTPS (both together) don't reach the server, using Safari (IOS and MacOS). But it works with IE, Chrome and Firefox.
我使用Letsencrypt生成的有效证书,浏览器不会显示有关它的警告。
I use a valid certificate generated by Letsencrypt and browsers don't display warnings about it.
在Safari的Web检查器上,这些XHR尝试获取结果直到超时并且没有显示错误。
On the web inspector of Safari, these XHRs try to get result until timeout and no errors displayed.
我有一个域而没有子域-域。
I have one domain and no sub-domain.
测试
- 授权标题+ HTTPS = >不工作
- 授权标头+无HTTPS(HTTP)=>工作
- 无授权标头+ HTTPS =>工作
代码
我使用拦截器来设置授权标头。
I use an interceptor to set authorization header.
this.request = (config) => {
config.headers = config.headers || {};
var authData = localStorageService.get('authorizationData');
if (authData && config.url && !config.url.endsWith("/token")) {
config.headers = {
"Authorization": 'Bearer ' + authData.access_token
};
config.withCredentials = true;
}
return config;
}
有没有遇到同样的问题?
Has anyone encountered the same problems ?
更新1
Safari + HTTPS +授权标题有问题。
如果我通过MyHeader重命名Authorization,并在服务器上进行一些修改以使用MyHeader令牌检索我的持票人令牌,一切正常。
There is something wrong with Safari + HTTPS + "Authorization" header. If I rename "Authorization" by "MyHeader", and doing some modification on server to retrieve my bearer token with "MyHeader" token, everything works well.
在safari中使用HTTPS,授权标题是受保护的单词吗?
Is "Authorization" header a protected word using HTTPS on safari ?
推荐答案
我还遇到了类似的safari问题,其中'授权标题中的'未在GET请求中发送,但结果很简单。
I also faced a similar problem with safari where 'Authorization' in the header was not sent in the GET request but it ended up in a simple thing.
我只是在请求URL的末尾添加了一个'/'它适用于我。
I simply appended a '/' at the end of the request URL and it worked for me.
例如:将URL从'/ token'更改为'/ token /'。
for eg: change URL from '/token' to '/token/'.
这篇关于Https请求授权不通过Safari工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
