Angular 放弃对 POST/PUT 请求的授权 header
[英]Angular dropping Authorization header on POST/PUT requests
问题描述
I have an Angular app that communicates with an API hosted on heroku.
我有一个 Angular 应用程序,它与托管在 heroku 上的 API 进行通信。 Simply put it's a movie database where you can add movies to and remove from your favourites.简单地说,它是一个电影数据库,您可以在其中添加电影或从收藏夹中删除电影。
The request for adding a movie:添加电影的请求:
addMovie(username: any, movieId: any): Observable<any> {
const token = localStorage.getItem('token');
return this.http.post(apiUrl + `users/${username}/movies/${movieId}`, {headers: new HttpHeaders(
{
Authorization: 'Bearer ' + token,
}
)}).pipe(
map(this.extractResponseData),
catchError(this.handleError)
);
}
And removing a movie:并删除电影:
deleteMovie(username: any, movieId: any): Observable<any> {
const token = localStorage.getItem('token');
return this.http.delete(apiUrl + `users/${username}/movies/${movieId}`, {headers: new HttpHeaders(
{
Authorization: 'Bearer ' + token,
}
)}).pipe(
map(this.extractResponseData),
catchError(this.handleError)
);
}
Both requests are exactly the same but the POST request drops the Authorization header for some reason while the DELETE request doesn't.两个请求完全相同,但是 POST 请求由于某种原因放弃了授权 header 而 DELETE 请求没有。 When looking at the preflight request for both, the preflight for the POST request doesn't even request allowance for the Authorization header, while the preflight for the DELETE request does.在查看两者的预检请求时,POST 请求的预检甚至没有请求授权 header 的许可,而 DELETE 请求的预检则有。
Preflight for POST: POST 的预检:
curl "https://somesite.com/users/tester/movies/6123fbc6a2a0fea2b1f81fd1" ^
-X "OPTIONS" ^
-H "Connection: keep-alive" ^
-H "Accept: */*" ^
-H "Access-Control-Request-Method: POST" ^
-H "Access-Control-Request-Headers: content-type" ^
-H "Origin: http://localhost:4200" ^
-H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36" ^
-H "Sec-Fetch-Mode: cors" ^
-H "Sec-Fetch-Site: cross-site" ^
-H "Sec-Fetch-Dest: empty" ^
-H "Referer: http://localhost:4200/" ^
-H "Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7" ^
Preflight for DELETE:删除预检:
curl "https://somesite.com/users/tester/movies/61240c5da2a0fea2b1f81fd9" ^
-X "OPTIONS" ^
-H "Connection: keep-alive" ^
-H "Accept: */*" ^
-H "Access-Control-Request-Method: DELETE" ^
-H "Access-Control-Request-Headers: authorization" ^
-H "Origin: http://localhost:4200" ^
-H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36" ^
-H "Sec-Fetch-Mode: cors" ^
-H "Sec-Fetch-Site: cross-site" ^
-H "Sec-Fetch-Dest: empty" ^
-H "Referer: http://localhost:4200/" ^
-H "Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7" ^
Replacing POST with PUT results in the same problem.用 PUT 替换 POST 会导致同样的问题。
1 个解决方案
解决方案1
2 已采纳 2021-12-18 14:55:14
The second argument in a POST request is the body. POST 请求中的第二个参数是正文。 The third argument in a POST request is options. POST 请求中的第三个参数是选项。 The second argument in a DELETE request is options. DELETE 请求中的第二个参数是选项。 Currently, you're sending the authentication header in the body in the POST request, but it belongs to options.目前,您在 POST 请求的正文中发送身份验证 header,但它属于选项。
You can send an empty body你可以发送一个空的身体
addMovie(username: any, movieId: any): Observable<any> {
const token = localStorage.getItem('token');
return this.http.post(apiUrl + `users/${username}/movies/${movieId}`, {}, {headers: new HttpHeaders(
{
Authorization: 'Bearer ' + token,
}
)}).pipe(
map(this.extractResponseData),
catchError(this.handleError)
);
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.