401 Unatuhorized(“详细信息”:“未提供身份验证凭据。”)
[英]401 Unatuhorized(“detail”:“Authentication credentials were not provided.”)
问题描述
i am using djoser's authentication at backend. 
我在后端使用djoser的身份验证。 when i make a get request at "/account/me/" through post man with content-type and Authorization header i am getting a correct response. 当我通过具有内容类型和Authorization标头的邮递员在“ / account / me /”处发出获取请求时,我得到了正确的响应。 But when i try to do same request from my angular client i get 401 Unatuhorized("detail":"Authentication credentials were not provided.") error. 但是,当我尝试从我的角度客户端执行相同的请求时,我收到401 Unatuhorized(“ detail”:“未提供身份验证凭据。”)错误。 here is my angular service 这是我的角度服务
import { Injectable } from '@angular/core';
import {homeUrls} from "../../../utils/urls";
import {Http, RequestOptions, Headers Response} from '@angular/http';
import {HttpHeaders,} from "@angular/common/http";
@Injectable()
export class AdsService {
private headers = new Headers();
private token: string;
constructor(private http: Http) {
this.token = localStorage.getItem('token');
console.log("token is " , this.token);
//this.headers = new Headers({'Content-Type': 'application/json' , 'Authorization': 'Token ' + this.token });
this.headers.append('Authorization', 'Token ' + this.token);
this.headers.append('Content-Type', 'application/json');
console.log(this.headers);
this.getMe();
}
getMe(): Promise<any> {
let options = new RequestOptions({ headers: this.headers });
return this.http.get(homeUrls.User, options)
.toPromise()
.then(res=> {
console.log("user is");
console.log(res.json());
});
}
and here is the screenshot of headers window of my network tab. 这是我的网络标签的标题窗口的屏幕截图。
any solutions? 有什么解决办法吗?
1 个解决方案
解决方案1
1 2018-03-19 11:06:07
When doing a preflight requests, custom headers such as Authorization will not be included. 进行预检请求时,将不包括自定义标头,例如Authorization 。
So, if your server expects only authenticated users to perform an OPTIONS requests, then you'll end up always getting 401 errors (since the headers will never be passed) 因此,如果您的服务器只希望经过身份验证的用户执行OPTIONS请求,那么您将最终总是收到401错误(因为标头将永远不会传递)
Now, I don't know django at all, but from this thread here it looks like a known issue 现在,我一点也不了解django,但是从这里的线程看来,这似乎是一个已知问题
https://github.com/encode/django-rest-framework/issues/5616
Maybe try the suggested workaround, which is using a custom permission checker instead of using django rest framework's default 也许尝试建议的解决方法,它使用自定义权限检查器,而不是使用django rest框架的默认值
Workaround (from above thread) 解决方法(从上述线程开始)
# myapp/permissions.py
from rest_framework.permissions import IsAuthenticated
class AllowOptionsAuthentication(IsAuthenticated):
def has_permission(self, request, view):
if request.method == 'OPTIONS':
return True
return request.user and request.user.is_authenticated
And in settings.py:
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework.authentication.TokenAuthentication',),
'DEFAULT_PERMISSION_CLASSES': (
'myapp.permissions.AllowOptionsAuthentication',
)
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.