
No authorization token was found when res.redirect

I have two applications, both on Node.js: one front-end and the other back-end. My back-end app is protected with token access using the express-jwt and jsonwebtoken middlewares.

My problem is: I am making a request from the front-end to the back-end passing the token in the header, the back-end accepts the request and responds properly. Then in the front-end I redirect the response to a specific page ( res.redirect('/') ), and at that moment I get the error UnauthorizedError: No authorization token was found

My front-end request:

/* Authentication */
// Modules the snippet relies on (the env and logger modules are the
// application's own; their paths are assumed here).
var express = require('express');
var request = require('request');
var env = require('./env');
var logger = require('./logger');
var router = express.Router();

router.post('/', function(req, res, next) {

    // request login service on the back-end, passing the token held by the front-end
    request({
        uri: env.getUrl() + "/user",
        method: 'POST',
        timeout: 10000,
        headers: {
            'Authorization': 'Bearer '.concat(global.token)
        },
        form: { login : req.body.login, pwd : req.body.pwd }
    }, function(error, response, body){
        if(error) {
            logger.error(error);
            res.render("error", {message: "Error getting user" });
        }
        else {
            if(body){
                // store the returned user in the session and send the browser to "/"
                req.session.usuario = JSON.parse(body);
                res.redirect("/");
            } else {
                res.render("login", {message: "Login Failed" });
            }
        }
    });
});

module.exports = router;

I don't know why this happens. Could you help me? Thanks in advance.

A redirect (via res.redirect) issues a new HTTP request. This means that the Authorization header is empty. This results in the UnauthorizedError error.

To fix this, you have two options:

1. Pass the token in the URI
You can issue the redirect with the token passed in the URL in this way:

res.redirect("/?access_token=" + global.token);

2. Set the header before the redirect
You can set the 'Authorization' header before making the redirect request:

req.session.access_token = global.token;

Problem found.

Any time my front-end app makes a request to the back-end side (API), the user logged in on the front-end is validated against the back-end, and so the front-end's session is updated as well. Which means that every request is actually two requests:

  1. One as the real request the app is doing.
  2. The request validating the user logged on front-end in order to be sure that user exists.

This update (second point) was made without providing a token.
