[英]Can't set an HTTP Basic Auth header in AngularJS
I wrote the following controller for testing out HTTP Basic Auth using Angular JS. 我编写了以下控制器,用于使用Angular JS测试HTTP Basic Auth。
function TestCtrl($scope, $http, Base64){
$http.defaults.headers.common.Authorization = 'Basic ' + Base64.encode('admin:secret');
$http.jsonp( 'http://localhost:5000/test'+'/?callback=JSON_CALLBACK', {query:{isArray:true }}).
then(function (response) {
$scope.test = response.data;
});
}
I can see the header being set when i console.log($http.defaults.headers)
. 我可以在
console.log($http.defaults.headers)
设置标题。 But when i check the request headers using Chrome Developer Toolbar or Firebug in Firefox, i don't see the Authorization header. 但是,当我使用Chrome开发者工具栏或Firefox中的Firebug检查请求标头时,看不到授权标头。
The server receiving the request doesn't get the Authorization header. 接收请求的服务器未获得授权标头。
What i am doing wrong here ? 我在这里做错了什么?
I believe the answer is "Yes, for regular AJAX requests you should be able to set the proper auth headers" . 我相信答案是“是的,对于常规AJAX请求,您应该能够设置适当的auth标头” 。
However, you're not making a standard XHR call when you use JSONP (based on the example), which changes the answer to "No" . 但是,当您使用JSONP(基于示例)时,您不会进行标准的XHR调用, 这会将答案更改为“ No” 。
If you're stuck using JSONP, I don't think you can send any auth headers. 如果您坚持使用JSONP,我认为您无法发送任何身份验证标头。 JSONP simply doesn't work the same as Angular's
$http.get
for example. JSONP与Angular的
$http.get
根本不一样。
See http://schock.net/articles/2013/02/05/how-jsonp-really-works-examples/ for the details, but the short version is JSONP puts down a <script>
tag that fetches some data. 有关详细信息,请参见http://schock.net/articles/2013/02/05/how-jsonp-really-works-examples/ ,但简短的版本是JSONP放置了一个
<script>
标记以获取一些数据。 The data returned calls the function you provide ( JSON_CALLBACK
in your example) around the data that the server provides. 返回的数据围绕服务器提供的数据调用您提供的函数(在示例中为
JSON_CALLBACK
)。 Because of that, you can't change the headers -- the request is an HTTP GET request exactly as if you'd pasted the URL for the script tag into your browser's location bar. 因此,您无法更改标头-该请求是一个HTTP GET请求,就像您将script标签的URL粘贴到浏览器的位置栏中一样。
JJ answered it perfectly. JJ回答得很完美。
For more information for those browsing, if you just need to pass the Basic Authorization header, you can simply place a username and password at the beginning of the URL. 有关这些浏览的更多信息,如果仅需要传递基本授权标头,则只需在URL的开头放置一个用户名和密码即可。 This will send the header.
这将发送标题。
For example, using localhost as the URL and admin:secret as the username:password, change: 例如,使用localhost作为URL,使用admin:secret作为username:password,更改:
http://localhost:5000
to: 至:
http://admin:secret@localhost:5000
Note: @OliBlogger has pointed out that the latest version of Chrome no longer supports this feature. 注意: @OliBlogger指出,最新版本的Chrome不再支持此功能。 Check his comment for a link to the actual Chrome status update.
查看他的评论,获取指向实际Chrome状态更新的链接。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.