gpt4 book ai didi

ajax - 在带有基本身份验证请求的 ajax cors 的情况下,浏览器身份验证弹出窗口不显示

转载 作者:行者123 更新时间:2023-12-02 04:26:34 25 4
gpt4 key购买 nike

从域 A 的网页中,我向域 B 发出 ajax 请求,以获取在域 B 上配置了基本身份验证的 JSON。我可以访问两个域上的代码。我在域 B 上配置了所有必需的 CORS header (在阅读了一些 stackoverflow 之后,甚至使 Access-Control-Allow-Origin header 值特定而不是“*”)我期待的是浏览器基本身份验证弹出,但 POST 请求只是因 401 失败。我可以看到服务器已响应预飞行选项请求的预期响应 header ,在 OPTION 的请求和响应 header 下方以及发生的实际 POST 方法调用

***OPTION REQUEST***
Host: DOMAIN_B:8085
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-requested-with
Referer: http://DOMAIN_A:2280/app/
Origin: http://DOMAIN_A:2280
Connection: keep-alive
***OPTION RESPONSE***
HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: http://DOMAIN_A:2280
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Headers: Content-Type,Authorization,x-requested-with
Access-Control-Max-Age: 1
Allow: GET,POST
Content-Type: text/html; charset=utf-8
Content-Length: 8
Date: Fri, 04 Jan 2019 12:48:48 GMT
Connection: keep-alive
*** ACTUAL POST REQUEST***
Host: DOMAIN_B:8085
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://DOMAIN_A:2280/app/
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 105
Origin: http://DOMAIN_A:2280
Connection: keep-alive
*** ACTUAL POST REQUEST***
HTTP/1.1 401 Unauthorized
X-Powered-By: Express
Vary: X-HTTP-Method-Override, Origin
Access-Control-Allow-Origin: http://DOMAIN_A:2280
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST,GET,PUT,DELETE
Access-Control-Allow-Headers: Content-Type,Authorization,x-requested-with
Access-Control-Max-Age: 1
WWW-Authenticate: Basic realm=artist
Content-Type: text/plain; charset=utf-8
Content-Length: 12
Date: Fri, 04 Jan 2019 12:48:48 GMT
Connection: keep-alive

因此,它希望浏览器查看 POST 调用的响应(401 HTTP 代码和 WWW-Authenticate header )时会收到提示以显示 native 身份验证弹出窗口,但事实并非如此。我不确定我在这里做错了什么。显示自定义表单以捕获凭据并将其传递到 "Authorization"标题使用 btoa功能不是一种选择
感谢任何帮助,我在这里撕毁我的头发!!!

最佳答案

使用 basic-auth npm 插件

const auth = require('basic-auth');
app.use(function (request, response, next) {
var user = auth(request);
console.log("user => ",user);
if (!user || !user.name || !user.pass) {
response.set('WWW-Authenticate', 'Basic realm="example"');
return response.status(401).send();
}
return next();
});

关于ajax - 在带有基本身份验证请求的 ajax cors 的情况下,浏览器身份验证弹出窗口不显示,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54040014/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com