堆栈内存溢出
  简体   繁体   English

如何使用Service Worker为我的所有API请求添加Authorization标头,并且有意义吗?

[英]How can I, and does it make sense to, use a Service Worker to add an Authorization header to all my API requests?

 原文  2015-07-19 16:25:24       javascript/ polymer/ polymer-1.0/ service-worker

问题描述

Every request I make to an internal API requires an Authorization header. 我对内部API发出的每个请求都需要一个Authorization标头。 I am building a Polymer-based app using many web components, both private and third-party. 我正在使用许多Web组件构建基于Polymer的应用程序,包括私有和第三方。 I do nearly all of my AJAX calls through <iron-ajax> elements. 我通过<iron-ajax>元素完成了几乎所有的AJAX调用。 I know that I could create a custom component to achieve the centralization I'm looking for, but I was wondering if using a service worker to intercept requests to my api and add the required headers and any other manipulation or validation I might want would be viable, performant, or even possible. 我知道我可以创建一个自定义组件来实现我正在寻找的集中化,但我想知道是否使用服务工作者拦截对我的api的请求并添加所需的标头以及我可能想要的任何其他操作或验证可行的,高效的,甚至是可能的。 Especially because Polymer 1.0 doesn't support extending other components yet. 特别是因为Polymer 1.0不支持扩展其他组件。

1 个解决方案

解决方案1
 3 已采纳  2015-07-19 22:27:25

Think of the service worker script as a (java-)scriptable proxy — you could most certainly do any manipulation (including adding, removing and manipulating HTTP Headers) to your calls as long as the service worker controls the origin. 将服务工作者脚本视为(java-)可编写脚本的代理 - 只要服务工作者控制源,您就可以对调用执行任何操作(包括添加,删除和操作HTTP标头)。 And until your API calls are same-origin. 直到您的API调用是同源的。 Cross-Origin and other opaque request-y stuff gets trickier, but I don't think this applies to your use-case judging from how you described it so far. Cross-Origin和其他不透明的请求 - 东西变得比较棘手,但我不认为这适用于你的用例,从你到目前为止的描述来看。

The only problem with that approach is that you are basically limiting your app's scope to a single browser: Google Chrome (version 40+). 这种方法的唯一问题是您基本上将应用程序的范围限制在单个浏览器:Google Chrome(版本40+)。 If that's fine by you, feel free to go ahead with this, but since Firefox won't be supporting request capture (the fetch event) just yet, (even though service workers at this point seem to be finally landing in Firefox 43) , and you can't polyfill service workers — you will have to provide some fallback-mechanism in your page's JS code if you want to support any browser, other than Chrome 40+ at least for several months to come. 如果你没关系,可以随意使用它,但由于Firefox还不支持请求捕获( fetch事件), (尽管此时服务工作者似乎最终登陆Firefox 43) ,你不能填充工具服务人员-你必须提供在你的页面的JS代码一些回退机制,如果你想支持任何浏览器,Chrome以外的其他40多个至少几个月来。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在缓存中保存 service worker 有意义吗? - Does it make sense saving a service worker in cache? 如何在所有其他请求之前加载服务人员? - How do I load a service worker before all other requests? 如何使用 Service Worker 响应导航请求? - How to use service worker to respond to navigation requests? 如何为每个http请求添加一个Authorization标头? - How can I add an Authorization header to every http request? 如何在Service Worker中使用POST http方法? - How Can I use POST http method with Service Worker? 如何让我的 Django API 只接受来自我网站本身的请求? - How can I make my Django API only accept requests that come from my website itself? 如何在 angular 的 api 请求中使用授权 Header 令牌进行身份验证 - How to authenticate using Authorization Header Token in api requests in angular Google Places JavaScript API v3,如何将API密钥添加到请求中? - Google Places JavaScript API v3, how can I add my API key to requests? 如何在React Native访存中使用授权标头使用Yelp API进行获取请求 - How to use Authorization Header in React Native fetch to make a get request using Yelp API 将基本授权标头添加到某些请求 - Add Basic Authorization header to some requests
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM