堆栈内存溢出
  简体   繁体   English

添加自定义http标头时,不保存Angular2 httponly cookie

[英]Angular2 httponly cookie not saved when adding custom http headers

 原文  2017-06-20 13:17:45       ionic2/ cors/ angular2-http/ cookie-httponly/ angular2-headers

问题描述

I've came to dead end with implementing and handling CORS issues between Angular2 application and Java backend API. 在Angular2应用程序和Java后端API之间实现和处理CORS问题,我已经走到了尽头。

I am aware and know what are CORS requests, have implemented already in angular1 apps, but I can't make it work in Angular2 (Ionic2) app. 我知道并知道什么是CORS请求,已经在angular1应用程序中实现,但我不能使它在Angular2(Ionic2)应用程序中工作。

The ionic 2 app should consume an existing API web service, which already have enabled everything for making CORS requests and the authentication is done with Http only cookie... already implemented in Angular 1. 离子2应用程序应该使用现有的API Web服务,该服务已经启用了用于发出CORS请求的所有内容,并且身份验证仅使用Http only cookie ...已经在Angular 1中实现。

For some reason when we are setting headers in the request, Angular2 set " withCredentials " flag to false or not send at all, and the request is made to the api but the cookie is not returned... and we can't make authenticated API calls. 出于某种原因,当我们在请求中设置标头时,Angular2将“ withCredentials ”标志设置为false或者根本不发送,并且请求发送到api但是不返回cookie ...我们无法进行身份验证API调用。 I've tried many, many things to send together http headers and "withCredentials" flag together, but nothing seems to work in Angular2, while in Angular1 works fine. 我已经尝试了许多很多东西将http标头和“withCredentials”标志一起发送,但是Angular2似乎没有任何效果,而在Angular1中工作正常。 All headers that we are sending are allowed by the server and they are returned in "Access-Control-Allow-Headers" in the response. 我们发送的所有标头都被服务器允许,并在响应中的“Access-Control-Allow-Headers”中返回。

Funny thing is that if I try to send requests with "withCredentials" only flag, the requests are send ok and the cookie is set correctly by the browser. 有趣的是,如果我尝试使用“withCredentials”only flag发送请求,则请求发送正常并且浏览器正确设置cookie。

I've tried following things: 我试过以下事情:

  1. Create custom http class, like described here: http://www.adonespitogo.com/articles/angular-2-extending-http-provider/ 创建自定义http类,如下所述: http//www.adonespitogo.com/articles/angular-2-extending-http-provider/

  2. Extending the like BrowserXhr class and setting "withCredentials" to true like described here: Angular 2 - http get withCredentials 扩展类似于BrowserXhr的类并将“withCredentials”设置为true,如下所述: Angular 2 - http get withCredentials

  3. Setting directly in the RequestOptions like here: angular 2 http withCredentials 直接在RequestOptions中设置,例如: angular 2 http withCredentials

  4. Extend BaseRequestOptions (RequestOptions) like here: Angular2 - set headers for every request 像这里扩展BaseRequestOptions(RequestOptions): Angular2 - 为每个请求设置标头

Example Code: 示例代码: 

import { Injectable } from '@angular/core';
import { Headers, RequestOptions } from '@angular/http';

@Injectable()
export class DefaultRequestOptions extends RequestOptions {

    withCredentials:boolean = true;

    // headers:Headers = new Headers({
    //     'Accept': 'application/json, text/plain, */*',
    //     'Authorization': 'sometoken',
    // });

    constructor() {
        super();
        if(!this.headers){
            this.headers = new Headers();
        }

         this.headers = new Headers();
         this.headers.append('Accept','application/json');
         this.headers.append('CustomHeader',"someTokenGoesHere");

        this.withCredentials = true;
    }
}

Later in module: 稍后在模块中: 

@NgModule({
  declarations: [
    MyApp
  ],
  imports: [
    IonicModule.forRoot(MyApp,{tabsHideOnSubPages:true})
  ],
  bootstrap: [IonicApp],
  entryComponents: [
    MyApp
  ],
  providers: [
    { provide: RequestOptions, useClass: DefaultRequestOptions } 
  ]
})

Also tried like this: 也试过这样: 

let headers = new Headers();
headers.append("Accept",'application/json');
headers.append("CustomHeader",'someTokenGoesHere');

let options = new RequestOptions({ headers: headers, withCredentials: true});

this.http.get('apiurl',options).subscribe((res)=>{ console.log(res)})

If anyone has successfully combined http headers and withCredentials flag, please share your experience. 如果有人成功组合了http标头和withCredentials标志,请分享您的体验。

UPDATE: I didn't found solution for this problem, so we decided to remove some security headers and make ip address filtering for requests. 更新:我没有找到解决此问题的方法,因此我们决定删除一些安全标头并对请求进行ip地址过滤。 In this way we don't need to send any extra http headers and continue using httponly cookies. 通过这种方式,我们不需要发送任何额外的http标头并继续使用httponly cookie。

1 个解决方案

解决方案1
 0  2017-06-20 14:44:13

You can add headers in options object of the http request 您可以在http请求的options对象中添加标头 

let headers: Headers = new Headers({
  'Content-Type': 'application/x-www-form-urlencoded'
});
let options = {
  method: RequestMethod.Post,
  headers: headers,
  responseType: ResponseContentType.Blob,
  withCredentials: true
};

return this.http
  .post(API + `/user/${id}`, {}, options)
  .map((r: Response) => {

  });

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 具有LocalStorage授权标头的HTTP客户端-Ionic2 / Angular2 App - HTTP Client with Authorization Headers from LocalStorage - Ionic2/Angular2 App Angular2自定义请求 - Angular2 custom request 扩展http类用于自定义用法ionic2 / Angular2导致错误 - extending http class for custom usage ionic2/Angular2 causing error Angular2在一个时间间隔内没有Http请求 - Angular2 No Http request in a time interval Angular2上的http获取请求错误 - http get request error on angular2 如何在Angular2中设置HTTP标头? - How to set header for HTTP in Angular2? Ionic2 & Angular2 $http POST 请求 - Ionic2 & Angular2 $http POST request Angular2 HTTP POST请求失败 - Angular2 http POST request failing Ionic2,Angular2,HTTP和Observables - Ionic2, Angular2, HTTP and Observables 对类变量的angular2 http响应设置 - angular2 http response setting to class variable
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM