Gophish API 请求被阻止:“不允许标头‘授权’”(Javascript 请求)
[英]Gophish API request is blocked : "header ‘authorization’ is not allowed" (Javascript request)
问题描述
I am using the Gophish API for the first time.
我是第一次使用 Gophish API。
I can't get the list of the sending profiles through a simple Javascript HTTP request.我无法通过简单的 Javascript HTTP 请求获取发送配置文件列表。 Firefox display this error message: Firefox 显示此错误消息:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at
``https://MY_GOPHISH_SERVER_URL:3333/api/smtp``. (Reason: header ‘authorization’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response).
Here is my request code:这是我的请求代码:
fetch("MY_GOPHISH_SERVER_URL:3333/api/smtp", {
method: "GET",
headers: {
Authorization : MY_GOPHISH_API_KEY
},
})
.then(response => response.json())
.then(data => console.log(data))
.catch(error => console.error(error.message))
}
What could I try?我可以尝试什么? Is there a way to edit Gophish CORS policy?有没有办法编辑 Gophish CORS 政策?
Thanks.谢谢。
Julien于连
Additional information:附加信息:
- The campaigns made from Gophish browser interface work well.从 Gophish 浏览器界面制作的活动效果很好。
- If I try the same request with POSTMAN, it works only if I disable the SSL certificate verification.如果我用 POSTMAN 尝试相同的请求,它只有在我禁用 SSL 证书验证时才有效。
- The SSL certificate is valid (I own it and it is announced as valid by browsers) SSL 证书有效(我拥有它并被浏览器宣布为有效)
1 个解决方案
解决方案1
0 2023-01-31 13:52:09
I actually discovered that it requires to disable the SSL certificate verification as the SSL certificate is known and valid.我实际上发现它需要禁用 SSL 证书验证,因为 SSL 证书是已知且有效的。
I am gonna open a new ticket for that purpose as it is bugging as well... xD !我要为此目的开一张新票,因为它也有窃听……xD!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.