[英]CORS error: Request header field authentication is not allowed by Access-Control-Allow-Headers in preflight response
[英]Authorization header field absent in request.headers() and request.META when using Apache, Preflight CORS error in browser when using custom header
我在 AWS EC2 实例上启动并运行了我的 Rest Framework API。 我已经设置了 Apache 并添加了 SSL 证书。 我正在使用我自己的自定义令牌身份验证。
将授权作为标头传递- 在从Postman 和 React执行发布请求时,在request.headers("Authorization")
和request.META["HTTP_AUTHORIZATION"]
未收到标头。
传递 Authorization2 或 x-api-key 作为标头-
Access to fetch at 'https://www.myapi.live/api/project/add/8/' from origin 'http://localhost:3000' has been blocked by CORS policy: Request header field authorization2 is not allowed by Access-Control-Allow-Headers in preflight response.
我已经尝试在 React 中包含 Access-control-origin Header 并在后端设置 django-cors-headers。 但它没有帮助。
0.0.0.0:8000
处公开 runserver而不是 apache https url- 这是我在sites-enabled
sites-available
sites-enabled
000-default.conf
<VirtualHost *:80>
ServerName www.myapi.live
ServerAdmin webmaster@localhost
DocumentRoot /home/ubuntu/django/project
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /static /home/ubuntu/django/project/static
<Directory /home/ubuntu/django/project/static>
Require all granted
</Directory>
<Directory /home/ubuntu/django/project/project>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIDaemonProcess project python-path=/home/ubuntu/django/project python-home=/home/ubuntu/django/myenv
WSGIProcessGroup project
WSGIScriptAlias / /home/ubuntu/django/project/project/wsgi.py
WSGIPassAuthorization On
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.myapi.live
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</VirtualHost>
因此,我将WSGIPassAuthorization On
添加到我的apache.conf
文件中,该文件位于sites-enabled
之外的父目录中。 进行这些更改使它像魅力一样工作,并且 apache 不再剥离Authorization
标头。
以防万一这可以在将来对其他人有所帮助! 谢谢!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.