Php 未设置标题-SlimFramework
我使用slim框架Php 未设置标题-SlimFramework,php,angularjs,api,cors,slim,Php,Angularjs,Api,Cors,Slim,我使用slim框架 $config['displayErrorDetails'] = true; $config['addContentLengthHeader'] = false; $config['determineRouteBeforeAppMiddleware'] = true; $app = new \Slim\App(["settings" => $config]); $container = $app->getContainer(); // This is the
$config['displayErrorDetails'] = true;
$config['addContentLengthHeader'] = false;
$config['determineRouteBeforeAppMiddleware'] = true;
$app = new \Slim\App(["settings" => $config]);
$container = $app->getContainer();
// This is the middleware
// It will add the Access-Control-Allow-Methods header to every request
$app->add(function ($req, $res, $next) {
$response = $next($req, $res);
return $response
->withHeader('Access-Control-Allow-Origin', '*')
->withHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Accept, Origin, Authorization')
->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
});
$app->get('/token', function ($request, $response){
$token = $request->getHeaderLine('Authorization');
if($token){
$db = new DbOperation();
if($db->checkAuthentication($token)){
$return = $response->withJson(["success"=> true], 200);
} else {
$return = $response->withJson([
"success"=> false,
"message"=>'Invalid token'
], 403);
}
} else {
$return = $response->withJson([
"success"=> false,
"message"=>'Header not set.'
], 403);
}
return $return;
});
当我用xampp运行脚本locali时,它工作得很好。
但是我把脚本上传到服务器上,现在发现错误是没有设置头
XHR不允许GET请求的有效负载。
或在“设置”中更改方法定义
这里是有角度的脚本
$rootScope.globals = $cookies.getObject('globals') || {};
if ($rootScope.globals.currentUser) {
$http.defaults.headers.common['Authorization'] = 'Basic ' + $rootScope.globals.currentUser.token;
}
$rootScope.$on('$locationChangeStart', function (event, next, current) {
var restrictedPage = $.inArray($location.path(), ['/login', '/register', '/password']) === -1;
var loggedIn = $rootScope.globals.currentUser;
if (restrictedPage) {
if (!loggedIn) {
$location.path('/login');
} else {
UserService.checkToken($rootScope.globals.currentUser.token)
.then(function (response) {
if (!response.success) {
$location.path('/login');
}
});
}
}
});
这里是一个具有SlimFramework的脚本
$config['displayErrorDetails'] = true;
$config['addContentLengthHeader'] = false;
$config['determineRouteBeforeAppMiddleware'] = true;
$app = new \Slim\App(["settings" => $config]);
$container = $app->getContainer();
// This is the middleware
// It will add the Access-Control-Allow-Methods header to every request
$app->add(function ($req, $res, $next) {
$response = $next($req, $res);
return $response
->withHeader('Access-Control-Allow-Origin', '*')
->withHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Accept, Origin, Authorization')
->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
});
$app->get('/token', function ($request, $response){
$token = $request->getHeaderLine('Authorization');
if($token){
$db = new DbOperation();
if($db->checkAuthentication($token)){
$return = $response->withJson(["success"=> true], 200);
} else {
$return = $response->withJson([
"success"=> false,
"message"=>'Invalid token'
], 403);
}
} else {
$return = $response->withJson([
"success"=> false,
"message"=>'Header not set.'
], 403);
}
return $return;
});
我有什么问题?
大家都知道吗
Thx
更新:
获取请求
API测试的响应
HTTP/1.1 403 Forbidden
Server: nginx
Date: Mon, 27 Mar 2017 11:57:27 GMT
Content-Type: application/json;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.30
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept, Origin, Authorization
Access-Control-Allow-Methods: GET
X-Powered-By: PleskLin
如果要打开对每个可能来源(仅测试)的api to cors调用,请尝试以下操作:
$app->add(function ($req, $res, $next) {
$response = $next($req, $res);
return $response
->withHeader('Access-Control-Allow-Origin', '*')
->withHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Accept, Origin, Authorization')
->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
});
或者有这样一个中间件也可以这样做:如果您不确定NG生成的报头名称是什么,您可以调试发送给SLIM的报头。在SLIM中,可以这样做:
$headers = $request->getHeaders();
foreach ($headers as $name => $values) {
echo $name . ": " . implode(", ", $values);
}
$.ajaxPrefilter(function( options, oriOptions, jqXHR ) {
jqXHR.setRequestHeader("Authorization", sessionStorage.token);
});
我使用jquery,全局地在头中设置令牌,如下所示:
$headers = $request->getHeaders();
foreach ($headers as $name => $values) {
echo $name . ": " . implode(", ", $values);
}
$.ajaxPrefilter(function( options, oriOptions, jqXHR ) {
jqXHR.setRequestHeader("Authorization", sessionStorage.token);
});
将发送带有标头名称的令牌:
HTTP_AUTHORIZATION
要获取特定的标头变量,请执行以下操作:
$token_array = $request->getHeader('HTTP_AUTHORIZATION');
if (count($token_array) == 0) {
$data = Array(
"jwt_status" => "token_not_exist"
);
return $response->withJson($data, 401)
->withHeader('Content-type', 'application/json');
}
$token = $token_array[0];
您好,我想这就是您部署PHP的服务器,对吗?是的,这是我的测试服务器。但是Api脚本和angular在同一台服务器上。这两个都在tuerundraum.kbs02.cn上。呼叫是通过浏览器进行的,因此您的电脑是呼叫服务器的“来源”吗?等等,如果您的问题不在cors方面,您是否正在尝试发送一个包含GET请求的正文?你能发布实际http get调用的片段吗?不,我不发送带有get的正文。只有标题授权。我在源代码中用*测试了它,但它不起作用。错误是相同的。你能发布你对浏览器发出的http调用的质疑吗?(你可以通过chrome控制台获得)。因此,我们可以验证所有发送到顶部我的问题的标题