Javascript 从浏览器发送http请求时缺少授权标头
我在nodejs中有一个带有jwt授权的应用程序,当我从posman发送get时,会找到身份验证头,但当我从浏览器发送时,会丢失授权头。 这是节点代码,我试图在verifyToken方法中获取授权标头,但不在其中:Javascript 从浏览器发送http请求时缺少授权标头,javascript,node.js,http,express,authorization,Javascript,Node.js,Http,Express,Authorization,我在nodejs中有一个带有jwt授权的应用程序,当我从posman发送get时,会找到身份验证头,但当我从浏览器发送时,会丢失授权头。 这是节点代码,我试图在verifyToken方法中获取授权标头,但不在其中: 'use strict'; var SwaggerExpress = require('swagger-express-mw'); var app = require('express')(); module.exports = app; // for testing var _
'use strict';
var SwaggerExpress = require('swagger-express-mw');
var app = require('express')();
module.exports = app; // for testing
var _ = require('lodash');
var jwt = require('jsonwebtoken'); // used to create, sign, and verify tokens
var config = {
appRoot: __dirname // required config
};
app.set('superSecret', config.secret); // secret variable
// bootstrap database connection and save it in express context
app.set("models", require("./api/model"));
var a = app.get("models").Role;
var repositoryFactory = require("./api/repository/RepositoryFactory").init(app);
var verifyToken = function (req, res, next) {
// verify token and read user from DB
// var token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwiTm9tYnJlVXN1YXJpbyI6ImQiLCJQYXNzd29yZCI6IiQyYSQxMCRYS3BJM2ZDRVFoSzVKUFBQWEdIVVZPbUVPQTZsRVRoZDRtWHl4a0tDeGtUcEhvY0U0UTNILiIsImNyZWF0ZWRBdCI6IjIwMTYtMDktMDVUMTg6Mjk6MTYuMDAwWiIsInVwZGF0ZWRBdCI6IjIwMTYtMDktMDVUMTg6Mjk6MTYuMDAwWiIsInByb2Zlc2lvbmFsSWQiOm51bGwsInByb2Zlc2lvbmFsIjpudWxsLCJpYXQiOjE0NzMyNTczMjcsImV4cCI6MTQ3MzI5MzMyN30.CKB-GiuvwJsDAVnKsWb1FktI9tJY57lSgPRVEfW3pts';
var token = req.headers.authorization;
jwt.verify(token, 'shhhhh', function (err, decoded) {
if (err) {
res.status(403).json({ success: false, message: 'Failed to authenticate token.' });
} else {
// if everything is good, save to request for use in other routes
req.user = decoded;
next();
}
});
};
SwaggerExpress.create(config, function (err, swaggerExpress) {
if (err) { throw err; }
app.use(function (req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "X-CSRF-Token, X-Requested-With, Origin, client-security-token, X-Requested-With, Content-Type, Accept, Authorization");
res.setHeader('Content-Type', 'application/json');
res.setHeader('Access-Control-Allow-Credentials', true);
next();
});
app.use(verifyToken);
// install middleware
swaggerExpress.register(app);
var port = process.env.PORT || 10010;
app.listen(port);
});
我不知道我缺少什么配置。您需要在浏览器中设置这些标题,尝试使用这个名为ModHeader的chrome插件我认为如果您可以在verifyToken函数中更改代码会更容易:
var-token=req.headers.authorization
beenvar-token=req.headers.authorization | | | req.query.access|u-token | | req.body.access|u-token代码>
因此,在浏览器中,您可以在“access_token”查询参数中添加令牌,以在服务器中进行身份验证,而不是设置标头
希望对你有帮助 问题是我试图从OPTIONS方法获取授权令牌,该方法在实际的get、port、put等之前发送,此时是CORS请求。因此,我试图从中获取授权标头,但它不在那里,因此该方法失败。
解决方案是在验证令牌方法中设置如下验证:
if (req.method !== OPTIONS){
}
尝试在.htaccess中添加以下代码。Apache删除授权头。这将确保它不会被移除
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1