个人中心
gpt4 book ai didi

angularjs - Yii2 REST+ Angular 跨域 CORS

转载 作者:行者123 更新时间:2023-12-04 13:58:39 28 4
gpt4 key购买 nike

我开发了 Angular & Yii2 REST 服务。跨域有问题。
在下面添加我的 angular & Yii2 REST 代码。

AngularJs : (如' http://organization1.example.com ',' http://organization2.example.com ',....)

$http.defaults.useXDomain = true;
$http.defaults.withCredentials = true;
$http.defaults.headers.common['Authorization'] = 'Bearer ' + MYTOKEN

我来自 Angular Controller 的请求: 
apiURL = 'http://api.example.com';
$http.get(apiURL + '/roles')
     .success(function (roles) { })
     .error(function () { });

Yii2 .htaccess:(REST URL 像“ http://api.example.com”) 
Header always set Access-Control-Allow-Origin: "*"
Header always set Access-Control-Allow-Credentials: true
Header always set Access-Control-Allow-Methods "POST, GET, PUT, DELETE, OPTIONS"
Header always set Access-Control-Allow-Headers "Authorization,X-Requested-With, content-type"

Yii2 我的行为: 
public function behaviors() {
    $behaviors = parent::behaviors();
    $behaviors['corsFilter'] = [
        'class' => Cors::className(),
        'cors' => [
            'Origin' => ['*'],
            'Access-Control-Expose-Headers' => [
                'X-Pagination-Per-Page',
                'X-Pagination-Total-Count',
                'X-Pagination-Current-Page',
                'X-Pagination-Page-Count',
            ],
        ],
    ];
    $behaviors['authenticator'] = [
        'class' => HttpBearerAuth::className(),
        'except' => ['options'],
    ];
    $behaviors['contentNegotiator'] = [
        'class' => ContentNegotiator::className(),
        'formats' => [
            'application/json' => Response::FORMAT_JSON,
        ],
    ];

    return $behaviors;
}

问题

从我的 Angular 请求是 'GET' 方法,但它会转为 'OPTIONS' 方法并返回 401 未经授权的错误(CORS)。因为请求授权头没有发送。

最佳答案

更新:

正如@jlapoutre 所指出的,现在已经很好地描述了 in official docs :

Adding the Cross-Origin Resource Sharing filter to a controller is a bit more complicated than adding other filters described above, because the CORS filter has to be applied before authentication methods and thus needs a slightly different approach compared to other filters. Also authentication has to be disabled for the CORS Preflight requests so that a browser can safely determine whether a request can be made beforehand without the need for sending authentication credentials. The following shows the code that is needed to add the yii\filters\Cors filter to an existing controller that extends from yii\rest\ActiveController:

use yii\filters\auth\HttpBasicAuth;

public function behaviors()
{
    $behaviors = parent::behaviors();

    // remove authentication filter
    $auth = $behaviors['authenticator'];
    unset($behaviors['authenticator']);

    // add CORS filter
    $behaviors['corsFilter'] = [
        'class' => \yii\filters\Cors::className(),
    ];

    // re-add authentication filter
    $behaviors['authenticator'] = $auth;
    // avoid authentication on CORS-pre-flight requests (HTTP OPTIONS method)
    $behaviors['authenticator']['except'] = ['options'];

    return $behaviors;
}


旧答案 (已弃用)

parent::behaviors() 合并时存在排序问题.完整详情 here .

我建议在与父数组合并时不要定义键: 
public function behaviors()
{
    return \yii\helpers\ArrayHelper::merge([
        [
            'class' => \yii\filters\Cors::className(),
            'cors' => [...],
        ],
        [
            'class' => \yii\filters\auth\HttpBearerAuth::className(),
            'except' => ['options'],
        ],
        [
            'class' => ContentNegotiator::className(),
            'formats' => [...],
        ]
    ], parent::behaviors());
}

关于angularjs - Yii2 REST+ Angular 跨域 CORS,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/35359365/

28 4 0
文章推荐: function - 为什么在函数定义中首选模式匹配?
文章推荐: angular - NGRX - 使用 Jasmine 大理石将 promise 转换为可观察的测试效果问题
文章推荐: c++ - Conv2D vs Depthwise Conv2D 计算
文章推荐: jakarta-ee - 使用 CDI 注入(inject)所有相同类型的 bean
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com