在為 Solidus / Spree 創建新的 API 端點時,如何避免 401(未經授權)?
[英]How do I avoid 401 (Unauthorized) when creating a new API endpoint for Solidus / Spree?
問題描述
我正在做一個PUT "/api/shipments/H10372375236/ready_for_pickup" ,但這在Spree::BaseController#authenticate_user停止。 我的 PUT 請求不包含BaseController#api_key要求的任何 X-Spree-Token 標頭
這是我的按鈕的代碼:
<%= form_tag(spree.api_ready_for_pickup_path(shipment), { method: "PUT", remote: true, id: "admin-ship-shipment" }) do %>
<%= submit_tag Spree.t(:ready_for_pickup), class: "ship-shipment-button" %>
<% end %>
這是我的路線:
Spree::Core::Engine.routes.draw do
namespace :api, defaults: { format: 'json' } do
put '/shipments/:id/ready_for_pickup' => 'shipments#ready_for_pickup', as: :ready_for_pickup
end
end
Rails.application.routes.draw do
mount Spree::Core::Engine, :at => '/'
end
rake routes可作為 Gist在這里使用。 我在管理界面中為當前用戶創建了一個 API 密鑰。 如何確保 PUT 請求包含缺少的 X-Spree-Token?
3 個解決方案
解決方案1
0 2016-04-06 12:55:02
我將支持該SO答案 ,即在控制器的更新操作中設置標頭,如下所示:
response.headers["X-Spree-Token"] = auth_token
解決方案2
0 2016-04-06 13:38:45
我通過將spree_api_key作為形式的令牌參數發送spree_api_key修復了它。
<%= form_tag(spree.api_ready_for_pickup_path(shipment), { method: "PUT", remote: true, id: "admin-ship-shipment" }) do %>
<%= hidden_field_tag :token, try_spree_current_user.spree_api_key %>
<%= submit_tag Spree.t(:ready_for_pickup), class: "ship-shipment-button" %>
<% end %>
解決方案3
0 2021-10-18 10:19:24
正如您所說,它正在使用 params 中的令牌工作,但在文檔中,建議將其傳遞到這樣的標頭中:
Authorization: Bearer API_KEY
(當然,API_KEY 換成你自己的api key)
如何為Solidus / Spree添加具有自定義權限的新角色?
[英]Howto add a new role with a custom permission set for Solidus / Spree?
401 向 heroku 上的軌道 api 發出請求時出現未經授權的錯誤
[英]401 Unauthorized error when making requests to rails api on heroku
如何通過Spree API創建訂單時創建貨件?
[英]How do I create shipments at the time an order is created through the Spree API?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.