2016-01-29 53 views
1

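Symfony2 JWT authentication returning 404 on preflight

I have just implemented the LexikJWTAuthenticationBundle for Symfony2, and when I try to authenticate a user I keep getting the following response: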

XMLHttpRequest cannot load http://api.example.trunk/api/login_check. Response for preflight has invalid HTTP status code 404 

What's strange is that the request does work through Postman, where I get a token, so I think this might have something to do with CORS?

I have honestly searched for and researched every possible thing I could think of, but I am no closer to figuring out what could be causing this.

security.yml

security: 

    encoders: 
     User\UserBundle\Entity\User: sha512 

    role_hierarchy: 
     ROLE_ADMIN:  ROLE_USER 
     ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH] 

    providers: 

     database_users: 
      entity: { class: UserBundle:User } 

     in_memory: 
      memory: 
       users: 
        ryan: 
         password: ryanpass 
         roles: 'ROLE_USER' 
        admin: 
         password: kitten 
         roles: 'ROLE_ADMIN' 

    firewalls: 
     login: 
      pattern: ^/api/login 
      stateless: true 
      anonymous: true 
      form_login: 
       check_path:    /api/login_check 
       success_handler:   lexik_jwt_authentication.handler.authentication_success 
       failure_handler:   lexik_jwt_authentication.handler.authentication_failure 
       require_previous_session: false 

     api: 
      pattern: ^/api 
      stateless: true 
      lexik_jwt: ~ 

     dev: 
      pattern: ^/(_(profiler|wdt)|css|images|js)/ 
      security: false 

    access_control: 
     - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } 
     - { path: ^/api,  roles: IS_AUTHENTICATED_FULLY } 

example.trunk.conf

<VirtualHost *:80> 
    ServerName api.example.trunk 
    DocumentRoot /Users/user/Sites/example/web 
    UseCanonicalName Off 
    ErrorLog "/Users/user/Sites/logs/example-error_log" 
    CustomLog "/Users/user/Sites/logs/example-access_log" common 
    DirectoryIndex app_dev.php 

    Header always set Access-Control-Allow-Origin "*" 
    Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT" 
    Header always set Access-Control-Allow-Headers "x-requested-with, content-type, origin, authorization, accept, client-security-token" 
    Header always set Access-Control-Max-Age "1000" 

    RewriteEngine On 
    RewriteCond %{HTTP:Authorization} ^(.*) 
    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1] 

    <Directory "/Users/user/Sites/example/web"> 
    AllowOverride All 
    Order allow,deny 
    Allow from all 
    </Directory> 
</VirtualHost> 

Request/response headers

General headers: 
    Request URL:http://api.example.trunk/api/login_check 
    Request Method:OPTIONS 
    Status Code:404 Not Found 
    Remote Address:127.0.0.1:80 

Response headers: 
    HTTP/1.1 404 Not Found 
    Access-Control-Allow-Origin: * 
    Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT 
    Access-Control-Allow-Headers: x-requested-with, content-type, origin, 
    authorization, accept, client-security-token 
    Access-Control-Max-Age: 1000 
    Cache-Control: no-cache 
    Keep-Alive: timeout=5, max=100 
    Connection: Keep-Alive 
    Transfer-Encoding: chunked 
    Content-Type: text/html; charset=UTF-8 

Request headers: 
    OPTIONS /api/login_check HTTP/1.1 
    Host: api.example.trunk 
    Connection: keep-alive 
    Access-Control-Request-Method: POST 
    Origin: http://localhost:3000 
    Access-Control-Request-Headers: accept, content-type 
    Accept: */* 
    Referer: http://localhost:3000/ 
+0

Have you tried using the built-in server? Maybe there is a problem with your Apache configuration. Try server:run – chalasr

+0

Any luck? –

+0

So I eventually got it working by installing [NelmioCorsBundle](https://github.com/nelmio/NelmioCorsBundle). I hope it helps someone else! – Odyss3us

Answers

0

For anyone else who has this problem, here is a not-recommended workaround (I say not recommended because I believe there must be a better solution):

1. Add an onKernelResponse event listener and pass $filterResponseEvent to it as a parameter

2. Override the default header status code when the request method is OPTIONS

<?php 
/** 
* Created by PhpStorm. 
* User: aien 
* Date: 8/19/16 
* Time: 1:22 AM 
*/ 

namespace Administration\SystemBundle\EventListener; 

use Symfony\Component\HttpFoundation\Response; 
use Symfony\Component\HttpKernel\Event\FilterResponseEvent; 

class ApiHeaderListener 
{ 
    public function onKernelResponse(FilterResponseEvent $filterResponseEvent)
    {
        $headers = $filterResponseEvent->getResponse()->headers;

        // Preflight (OPTIONS) requests: replace whatever status the kernel
        // produced (for example 404) with 200.
        if ($filterResponseEvent->getRequest()->getMethod() == 'OPTIONS')
        {
            $res = $filterResponseEvent->getResponse();
            $res->setStatusCode(200);
            $filterResponseEvent->setResponse($res);
        }

        // CORS headers are set on every response and allow any origin.
        $headers->set('Access-Control-Allow-Origin', '*');
        $headers->set('Access-Control-Allow-Methods', 'POST, GET, PUT, DELETE, PATCH, OPTIONS');
        $headers->set('Access-Control-Allow-Headers', 'X-Requested-With, origin, content-type, accept');
    }
}
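
Added example (not part of the original question or answer): a simplified JavaScript version of the browser's preflight acceptance rules from the Fetch standard, run on the exchange captured in the question. It shows that the headers Apache added are sufficient and that the 404 status alone causes the rejection, which is why Postman, which sends no preflight, gets a token. The function and variable names are assumptions made for this illustration, and credentialed requests are not modelled.

```javascript
// Simplified CORS-preflight acceptance check (requests without credentials).
// Hypothetical helper names; not taken from the page or from any library.
const SAFELISTED_METHODS = ["GET", "HEAD", "POST"];
const list = (v) => (v || "").split(",").map((t) => t.trim()).filter(Boolean);
const lower = (v) => list(v).map((t) => t.toLowerCase());

// Returns { ok, reason } for one preflight request/response pair.
function checkPreflight(request, response) {
  const h = {};
  for (const [name, value] of Object.entries(response.headers)) {
    h[name.toLowerCase()] = value; // header names are case-insensitive
  }
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin !== "*" && allowOrigin !== request.origin) {
    return { ok: false, reason: "origin not allowed" };
  }
  // The status must be 2xx, whatever CORS headers are present.
  if (response.status < 200 || response.status > 299) {
    return { ok: false, reason: `invalid HTTP status code ${response.status}` };
  }
  const methods = list(h["access-control-allow-methods"]);
  if (!SAFELISTED_METHODS.includes(request.method) &&
      !methods.includes(request.method) && !methods.includes("*")) {
    return { ok: false, reason: `method ${request.method} not allowed` };
  }
  const allowed = lower(h["access-control-allow-headers"]);
  for (const name of lower(request.headers)) {
    // "*" never covers Authorization; it has to be listed explicitly.
    const viaWildcard = allowed.includes("*") && name !== "authorization";
    if (!allowed.includes(name) && !viaWildcard) {
      return { ok: false, reason: `header ${name} not allowed` };
    }
  }
  return { ok: true, reason: "preflight accepted" };
}

// Values copied from the request/response headers shown in the question.
const request = { origin: "http://localhost:3000", method: "POST",
                  headers: "accept, content-type" };
const captured = {
  status: 404,
  headers: {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Methods": "POST, GET, OPTIONS, DELETE, PUT",
    "Access-Control-Allow-Headers": "x-requested-with, content-type, origin, authorization, accept, client-security-token",
  },
};
console.log(checkPreflight(request, captured).reason);
console.log(checkPreflight(request, { ...captured, status: 200 }).reason);
```

With the status forced to 200, as the listener above does, the same exchange is accepted.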