[英]How do I avoid 401 (Unauthorized) when creating a new API endpoint for Solidus / Spree?
我正在做一個PUT "/api/shipments/H10372375236/ready_for_pickup"
,但這在Spree::BaseController#authenticate_user
停止。 我的 PUT 請求不包含BaseController#api_key要求的任何 X-Spree-Token 標頭
這是我的按鈕的代碼:
<%= form_tag(spree.api_ready_for_pickup_path(shipment), { method: "PUT", remote: true, id: "admin-ship-shipment" }) do %>
<%= submit_tag Spree.t(:ready_for_pickup), class: "ship-shipment-button" %>
<% end %>
這是我的路線:
Spree::Core::Engine.routes.draw do
namespace :api, defaults: { format: 'json' } do
put '/shipments/:id/ready_for_pickup' => 'shipments#ready_for_pickup', as: :ready_for_pickup
end
end
Rails.application.routes.draw do
mount Spree::Core::Engine, :at => '/'
end
rake routes
可作為 Gist在這里使用。 我在管理界面中為當前用戶創建了一個 API 密鑰。 如何確保 PUT 請求包含缺少的 X-Spree-Token?
我將支持該SO答案 ,即在控制器的更新操作中設置標頭,如下所示:
response.headers["X-Spree-Token"] = auth_token
我通過將spree_api_key
作為形式的令牌參數發送spree_api_key
修復了它。
<%= form_tag(spree.api_ready_for_pickup_path(shipment), { method: "PUT", remote: true, id: "admin-ship-shipment" }) do %>
<%= hidden_field_tag :token, try_spree_current_user.spree_api_key %>
<%= submit_tag Spree.t(:ready_for_pickup), class: "ship-shipment-button" %>
<% end %>
正如您所說,它正在使用 params 中的令牌工作,但在文檔中,建議將其傳遞到這樣的標頭中:
Authorization: Bearer API_KEY
(當然,API_KEY 換成你自己的api key)
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.