[英]Authorization header field absent in request.headers() and request.META when using Apache, Preflight CORS error in browser when using custom header
我在 AWS EC2 实例上启动并运行了我的 Rest Framework API。 我已经设置了 Apache 并添加了 SSL 证书。 我正在使用我自己的自定义令牌身份验证。
将授权作为标头传递- 在从Postman 和 React执行发布请求时,在request.headers("Authorization")和request.META["HTTP_AUTHORIZATION"]未收到标头。
传递 Authorization2 或 x-api-key 作为标头-
Access to fetch at 'https://www.myapi.live/api/project/add/8/' from origin 'http://localhost:3000' has been blocked by CORS policy: Request header field authorization2 is not allowed by Access-Control-Allow-Headers in preflight response.我已经尝试在 React 中包含 Access-control-origin Header 并在后端设置 django-cors-headers。 但它没有帮助。
0.0.0.0:8000处公开 runserver而不是 apache https url- 这是我在sites-enabled sites-available sites-enabled 000-default.conf
<VirtualHost *:80>
ServerName www.myapi.live
ServerAdmin webmaster@localhost
DocumentRoot /home/ubuntu/django/project
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /static /home/ubuntu/django/project/static
<Directory /home/ubuntu/django/project/static>
Require all granted
</Directory>
<Directory /home/ubuntu/django/project/project>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIDaemonProcess project python-path=/home/ubuntu/django/project python-home=/home/ubuntu/django/myenv
WSGIProcessGroup project
WSGIScriptAlias / /home/ubuntu/django/project/project/wsgi.py
WSGIPassAuthorization On
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.myapi.live
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</VirtualHost>
因此,我将WSGIPassAuthorization On添加到我的apache.conf文件中,该文件位于sites-enabled之外的父目录中。 进行这些更改使它像魅力一样工作,并且 apache 不再剥离Authorization标头。
以防万一这可以在将来对其他人有所帮助! 谢谢!
CORS 错误:请求 header 字段身份验证在预检响应中不允许访问控制允许标头
[英]CORS error: Request header field authentication is not allowed by Access-Control-Allow-Headers in preflight response
请求标头字段在飞行前响应中,Access-Control-Allow-Headers不允许进行授权。 (节点,反应,axios)
[英]Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response. (node, react, axios)
飞行前响应中Access-Control-Allow-Headers不允许Sails.js请求标头字段授权
[英]Sails.js Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response
预检响应中的 Access-Control-Allow-Headers 不允许请求 header 字段授权
[英]Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response
IBM Watson Conversation API:“在飞行前响应中,Access-Control-Allow-Headers不允许请求标头字段授权”
[英]IBM Watson Conversation API: “Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response”
使用模式:无要求时,浏览器未添加我在前端代码中设置的请求标头
[英]When using mode: no-cors for a request, browser isn’t adding request header I’ve set in my frontend code
XMLHttpRequest 已被 CORS 策略阻止:请求 header 字段内容类型在预检响应中不允许访问控制允许标头
[英]XMLHttpRequest has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response
被 CORS 策略阻止:预检响应中的 Access-Control-Allow-Headers 不允许请求标头字段内容类型
[英]blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response
被 CORS 策略阻止:请求 header 字段 access-control-allow-methods 在预检响应中被 Access-Control-Allow-Headers 不允许
[英]blocked by CORS policy: Request header field access-control-allow-methods is not allowed by Access-Control-Allow-Headers in preflight response
React/Redux 中的 Cloudinary“被 CORS 策略阻止”。 请求头域授权
[英]Cloudinary in React/Redux "blocked by CORS policy". Request header field authorization
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.