[英]http 403 error in axios but works on postman
in postman when i entered my post request with Authorization and token value, then it works, however when i wanted to check it with axios it gives me 403 Http error (i've already provided authorization header in axios). (我的 Bearer 令牌是 localStorage.getItem("CurrentUser")})我將我的 axios 放在下面(當我檢查令牌和請求字符串時,它們都與郵遞員完全相同):
try {
await axios.post("http://localhost:8080/admins/post/" + allemployees[index].id,
{ headers: {'Authorization': localStorage.getItem("CurrentUser")} });
}
我也放了我的security.config,也許問題在那里:
@Configuration
@EnableWebSecurity
public class SecurityConfig{
private JwtAuthenticationEntryPoint handler;
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public AuthTokenFilter jwtAuthenticationFilter() {
return new AuthTokenFilter();
}
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
return authenticationConfiguration.getAuthenticationManager();
}
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.setAllowedOrigins(List.of("http://localhost:3000"));
config.addAllowedHeader("*");
config.addAllowedMethod("*");
source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
}
@Bean
public SecurityFilterChain configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.cors()
.and()
.csrf().disable()
.exceptionHandling().authenticationEntryPoint(handler).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
.antMatchers("/api/**")
.permitAll()
.anyRequest().authenticated()
.and()
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout", "POST"))
.logoutSuccessUrl("http://localhost:3000/")
.invalidateHttpSession(true);
httpSecurity.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
return httpSecurity.build();
}
}
我怎么解決這個問題? 謝謝你。
因為Postman
不強制執行CORS
所以這就是它起作用的原因。 要啟用CORS
,請在此處查看;
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.