使用自定义标头的GET请求失败。

huangapple go评论108阅读模式
英文:

Get request failed with custom header

问题

这是我的AngularJS代码(如果我删除header选项,它可以正常工作)。

$http.get(env.apiURL()+'/banks', {
	headers: {
		'Authorization': 'Bearer '+localStorageService.get('access_token')
	}
})

这是请求:

OPTIONS /banks HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: http://localhost:8081
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.146 Safari/537.36
Access-Control-Request-Headers: accept, authorization
Accept: */*
Referer: http://localhost:8081/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,vi;q=0.6

以及响应:

HTTP/1.1 404 Not Found
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: http://localhost:8081
Content-Type: text/plain; charset=utf-8
Date: Mon, 17 Mar 2014 11:05:20 GMT
Content-Length: 19

我添加了AcceptAuthorization头,但请求仍然失败了。是大小写问题(即authorizationAuthorization)导致了失败吗?如果是的话,我该如何让AngularJS停止这样做?

if origin := req.Header.Get("Origin"); origin == "http://localhost:8081" {
	rw.Header().Set("Access-Control-Allow-Origin", origin)
	rw.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
	rw.Header().Set("Access-Control-Allow-Headers",
		"Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
}

Go服务器路由代码:

r := mux.NewRouter()
r.HandleFunc("/banks", RetrieveAllBank).Methods("GET")
    
http.ListenAndServe(":8080", r)
英文:

Here is my AngularJS code, (it works fine if I remove the header option).

$http.get(env.apiURL()+'/banks', {
	headers: {
		'Authorization': 'Bearer '+localStorageService.get('access_token')
	}
})

Here is the request:

OPTIONS /banks HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: http://localhost:8081
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.146 Safari/537.36
Access-Control-Request-Headers: accept, authorization
Accept: */*
Referer: http://localhost:8081/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,vi;q=0.6

And response:

HTTP/1.1 404 Not Found
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: http://localhost:8081
Content-Type: text/plain; charset=utf-8
Date: Mon, 17 Mar 2014 11:05:20 GMT
Content-Length: 19

I added both Accept and Authorization header but the request still fails?
Does the capitalization (I mean authorization vs Authorization) result in that failure? If yes, how can I make AngularJS stop doing that?

if origin := req.Header.Get("Origin"); origin == "http://localhost:8081" {
	rw.Header().Set("Access-Control-Allow-Origin", origin)
	rw.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
	rw.Header().Set("Access-Control-Allow-Headers",
		"Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
}

Go server routing code:

r := mux.NewRouter()
r.HandleFunc("/banks", RetrieveAllBank).Methods("GET")
    
http.ListenAndServe(":8080", r)

答案1

得分: 8

好的,以下是翻译好的内容:

好的,问题是因为我忘记处理"OPTIONS"请求(为了使浏览器发送CORS,浏览器会首先发送一个预检请求OPTIONS,然后如果服务器接受,再发送真正的请求)。
我只需要修改我的Go服务器(请参考注释):

func main() {
    r := mux.NewRouter()
    r.HandleFunc("/banks", RetrieveAllBank).Methods("GET")
    http.ListenAndServe(":8080", &MyServer{r})
}

type MyServer struct {
    r *mux.Router
}

func (s *IMoneyServer) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
    if origin := req.Header.Get("Origin"); origin == "http://localhost:8081" {
        rw.Header().Set("Access-Control-Allow-Origin", origin)
        rw.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
        rw.Header().Set("Access-Control-Allow-Headers",
            "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
    }
    // 如果是预检请求OPTIONS,则在此处停止处理
    if req.Method == "OPTIONS" {
        return
    }
    // 让Gorilla处理
    s.r.ServeHTTP(rw, req)
}
英文:

OK, the issue because I fotgot to handle the "OPTIONS" request (to make a CORS browser will send a preflight OPTIONS request first and then the 'real' request if accepted by the server).
I only need to modify my Go server (see the comment):

func main() {
	r := mux.NewRouter()
	r.HandleFunc("/banks", RetrieveAllBank).Methods("GET")
	http.ListenAndServe(":8080", &MyServer{r})
}

type MyServer struct {
	r *mux.Router
}

func (s *IMoneyServer) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
	if origin := req.Header.Get("Origin"); origin == "http://localhost:8081" {
		rw.Header().Set("Access-Control-Allow-Origin", origin)
		rw.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
		rw.Header().Set("Access-Control-Allow-Headers",
			"Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
	}
	// Stop here if its Preflighted OPTIONS request
	if req.Method == "OPTIONS" {
		return
	}
	// Lets Gorilla work
	s.r.ServeHTTP(rw, req)
}

huangapple
  • 本文由 发表于 2014年3月17日 19:11:56
  • 转载请务必保留本文链接:https://go.coder-hub.com/22452804.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定