[英]Gophish API request is blocked : "header ‘authorization’ is not allowed" (Javascript request)
I am using the Gophish API for the first time.我是第一次使用 Gophish API。
I can't get the list of the sending profiles through a simple Javascript HTTP request.我无法通过简单的 Javascript HTTP 请求获取发送配置文件列表。 Firefox display this error message: Firefox 显示此错误消息:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at
``https://MY_GOPHISH_SERVER_URL:3333/api/smtp``. (Reason: header ‘authorization’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response).
Here is my request code:这是我的请求代码:
fetch("MY_GOPHISH_SERVER_URL:3333/api/smtp", {
method: "GET",
headers: {
Authorization : MY_GOPHISH_API_KEY
},
})
.then(response => response.json())
.then(data => console.log(data))
.catch(error => console.error(error.message))
}
What could I try?我可以尝试什么? Is there a way to edit Gophish CORS policy?有没有办法编辑 Gophish CORS 政策?
Thanks.谢谢。
Julien于连
Additional information:附加信息:
I actually discovered that it requires to disable the SSL certificate verification as the SSL certificate is known and valid.我实际上发现它需要禁用 SSL 证书验证,因为 SSL 证书是已知且有效的。
I am gonna open a new ticket for that purpose as it is bugging as well... xD !我要为此目的开一张新票,因为它也有窃听……xD!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.