Php 未设置标题-SlimFramework

我使用slim框架

$config['displayErrorDetails'] = true;
$config['addContentLengthHeader'] = false;
$config['determineRouteBeforeAppMiddleware'] = true;

$app = new \Slim\App(["settings" => $config]);
$container = $app->getContainer();

// This is the middleware
// It will add the Access-Control-Allow-Methods header to every request


$app->add(function ($req, $res, $next) {
    $response = $next($req, $res);
    return $response
        ->withHeader('Access-Control-Allow-Origin', '*')
        ->withHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Accept, Origin, Authorization')
        ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
});


$app->get('/token', function ($request, $response){
    $token = $request->getHeaderLine('Authorization');
    if($token){
        $db = new DbOperation();
        if($db->checkAuthentication($token)){
            $return = $response->withJson(["success"=> true], 200);
        } else {
            $return = $response->withJson([
                "success"=> false,
                "message"=>'Invalid token'
            ], 403);
        }
    } else {
        $return = $response->withJson([
            "success"=> false,
            "message"=>'Header not set.'
        ], 403);
    }
    return $return;
});

当我用xampp运行脚本locali时，它工作得很好。 但是我把脚本上传到服务器上，现在发现错误是没有设置头

XHR不允许GET请求的有效负载。 或在“设置”中更改方法定义

这里是有角度的脚本

$rootScope.globals = $cookies.getObject('globals') || {};
    if ($rootScope.globals.currentUser) {
        $http.defaults.headers.common['Authorization'] = 'Basic ' + $rootScope.globals.currentUser.token;
    }

$rootScope.$on('$locationChangeStart', function (event, next, current) {
        var restrictedPage = $.inArray($location.path(), ['/login', '/register', '/password']) === -1;
        var loggedIn = $rootScope.globals.currentUser;
        if (restrictedPage) {
            if (!loggedIn) {
                $location.path('/login');
            } else {
                UserService.checkToken($rootScope.globals.currentUser.token)
                    .then(function (response) {
                        if (!response.success) {
                            $location.path('/login');
                        }
                    });

            }
        }
    });

---

这里是一个具有SlimFramework的脚本

$config['displayErrorDetails'] = true;
$config['addContentLengthHeader'] = false;
$config['determineRouteBeforeAppMiddleware'] = true;

$app = new \Slim\App(["settings" => $config]);
$container = $app->getContainer();

// This is the middleware
// It will add the Access-Control-Allow-Methods header to every request


$app->add(function ($req, $res, $next) {
    $response = $next($req, $res);
    return $response
        ->withHeader('Access-Control-Allow-Origin', '*')
        ->withHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Accept, Origin, Authorization')
        ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
});


$app->get('/token', function ($request, $response){
    $token = $request->getHeaderLine('Authorization');
    if($token){
        $db = new DbOperation();
        if($db->checkAuthentication($token)){
            $return = $response->withJson(["success"=> true], 200);
        } else {
            $return = $response->withJson([
                "success"=> false,
                "message"=>'Invalid token'
            ], 403);
        }
    } else {
        $return = $response->withJson([
            "success"=> false,
            "message"=>'Header not set.'
        ], 403);
    }
    return $return;
});

我有什么问题？ 大家都知道吗

Thx

更新： 获取请求

API测试的响应

HTTP/1.1 403 Forbidden
Server: nginx
Date: Mon, 27 Mar 2017 11:57:27 GMT
Content-Type: application/json;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.30
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept, Origin, Authorization
Access-Control-Allow-Methods: GET
X-Powered-By: PleskLin

---

如果要打开对每个可能来源（仅测试）的api to cors调用，请尝试以下操作：

$app->add(function ($req, $res, $next) {
    $response = $next($req, $res);
    return $response
        ->withHeader('Access-Control-Allow-Origin', '*')
        ->withHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Accept, Origin, Authorization')
        ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
});

---

或者有这样一个中间件也可以这样做：

如果您不确定NG生成的报头名称是什么，您可以调试发送给SLIM的报头。在SLIM中，可以这样做：

$headers = $request->getHeaders();
foreach ($headers as $name => $values) {
    echo $name . ": " . implode(", ", $values);
}

 $.ajaxPrefilter(function( options, oriOptions, jqXHR ) {
    jqXHR.setRequestHeader("Authorization", sessionStorage.token);
 }); 

我使用jquery，全局地在头中设置令牌，如下所示：

$headers = $request->getHeaders();
foreach ($headers as $name => $values) {
    echo $name . ": " . implode(", ", $values);
}

 $.ajaxPrefilter(function( options, oriOptions, jqXHR ) {
    jqXHR.setRequestHeader("Authorization", sessionStorage.token);
 }); 

将发送带有标头名称的令牌：

HTTP_AUTHORIZATION

要获取特定的标头变量，请执行以下操作：

   $token_array = $request->getHeader('HTTP_AUTHORIZATION');

   if (count($token_array) == 0) {
       $data = Array(
            "jwt_status" => "token_not_exist"
        );  

        return $response->withJson($data, 401)
                        ->withHeader('Content-type', 'application/json');                   
   }

    $token = $token_array[0];

---

您好，我想这就是您部署PHP的服务器，对吗？是的，这是我的测试服务器。但是Api脚本和angular在同一台服务器上。这两个都在tuerundraum.kbs02.cn上。呼叫是通过浏览器进行的，因此您的电脑是呼叫服务器的“来源”吗？等等，如果您的问题不在cors方面，您是否正在尝试发送一个包含GET请求的正文？你能发布实际http get调用的片段吗？不，我不发送带有get的正文。只有标题授权。我在源代码中用*测试了它，但它不起作用。错误是相同的。你能发布你对浏览器发出的http调用的质疑吗？（你可以通过chrome控制台获得）。因此，我们可以验证所有发送到顶部我的问题的标题