基本的HTTP授权标头

Question

I would like to set-up a basic HTTP-Authentication using JQuery on the client-side and Node.js on the server side. 我想使用客户端上的JQuery和服务器端上的Node.js设置基本的HTTP身份验证。 I have made the following Ajax request on the server side to set the headers: 我已在服务器端发出以下Ajax请求以设置标头：

$.ajax({
        type: "GET",
        url: URL_SLACK_SERVER,
        dataType: "json",
        beforeSend: function(xhr){
            xhr.setRequestHeader("Authorization", "Basic " +btoa("username:xxx") );
        },
        success:function(rsp){
            filterMessages(rsp);
        }
    });

Which I want to use on my server side using the basic-auth module: 我想在我的服务器端使用basic-auth模块使用：

var express = require('express');
var bodyParser = require('body-parser');
var auth = require('basic-auth');

app.use(function(req, res, next) {
  res.header("Access-Control-Allow-Origin", "*");
  res.header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Authorization, Accept, Key");
  var cre = +auth(req);
  console.log('Auth: ' +cre.username);
  next();
});

But, doing this way, I encounter some issues: 但是，这样做会遇到一些问题：

I do not see that the header are set in the preflight OPTIONS HTTP request: 我看不到在预检OPTIONS HTTP请求中设置了标头：

OPTIONS /server HTTP/1.1 选项/ server HTTP / 1.1
Host: server.com 主机：server.com
Connection: keep-alive 连接：保持活动状态
Access-Control-Request-Method: GET 访问控制请求方法：GET
Origin: null 来源：null
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36 用户代理：Mozilla / 5.0（Macintosh; Intel Mac OS X 10_11_1）AppleWebKit / 537.36（KHTML，例如Gecko）Chrome / 47.0.2526.111 Safari / 537.36
Access-Control-Request-Headers: accept, authorization 访问控制请求标头：接受，授权
Accept: / 接受： /
Accept-Encoding: gzip, deflate, sdch 接受编码：gzip，deflate，sdch
Accept-Language: en-US,en;q=0.8,fr;q=0.6 接受语言：en-US，en; q = 0.8，fr; q = 0.6

I got the following error, which I do not understand well: 我收到以下错误，但我不太了解：

Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response. 请求标头字段在飞行前响应中，Access-Control-Allow-Headers不允许进行授权。

Also, please note that the call from the client to the server is a cross-domain call, that's why there is these set headers written on the Node.js file. 另外，请注意，从客户端到服务器的调用是跨域调用，这就是为什么在Node.js文件上写入这些设置标头的原因。

How can I efficiently perform this basic HTTP-Authentication? 如何有效执行此基本HTTP身份验证？

Answer 1

Since your client and server are running on different domains, you need to configure the CORS header in your server to make it work. 由于您的客户端和服务器在不同的域上运行，因此您需要在服务器中配置CORS标头以使其工作。

You need to set the header "Access-Control-Allow-Origin:http://foo.example" or "Access-Control-Allow-Origin:*" in your server. 您需要在服务器中设置标题"Access-Control-Allow-Origin:http://foo.example"或"Access-Control-Allow-Origin:*" 。

Answer 2

Yes its a cors problem. 是的，这是一个核心问题。 When you enable cors in npm (Look for cors module and append it via npm) you can set a specific domain that is allowed. 在npm中启用cors（查找cors模块并通过npm附加它）时，您可以设置允许的特定域。 When you set this the basic authentication header will be send with the request. 设置此选项后，基本身份验证标头将与请求一起发送。 Look at this request: https://stackoverflow.com/a/18511690/3232739 查看此请求： https : //stackoverflow.com/a/18511690/3232739

基本的HTTP授权标头

问题描述

2 个解决方案

解决方案1
1 已采纳 2016-01-19 09:32:52

解决方案2
1 2016-01-19 09:35:44

基本的HTTP授权标头

问题描述

2 个解决方案

解决方案1 1 已采纳 2016-01-19 09:32:52

解决方案2 1 2016-01-19 09:35:44

解决方案1
1 已采纳 2016-01-19 09:32:52

解决方案2
1 2016-01-19 09:35:44