1. 首頁
  2. 問答
  3. setRequestHeader不添加授權頭

setRequestHeader不添加授權頭

2016-12-07 51 views
0

我試圖從JavaScript發送帶有Authorization頭一個HTTP POST,發現了很多的答案,建議此配置setRequestHeader不添加授權頭

var device_address = 10.25.148.164; 
var device_login = myusername; 
var device_password = mypassword; 
var xhr = new XMLHttpRequest(); 
xhr.open('POST', 'http://' + device_address + '/rest/conf', true); 
xhr.setRequestHeader('Authorization', 'Basic ' + btoa(device_login + ':' + device_password)); 
xhr.send();

以上的配置不適合我的工作,我也得到狀態碼401 :未經授權」;從Wireshark的數據包捕獲,我看到下面的

Hypertext Transfer Protocol 
OPTIONS /rest/conf HTTP/1.1\r\n 
    [Expert Info (Chat/Sequence): OPTIONS /rest/conf HTTP/1.1\r\n] 
     [OPTIONS /rest/conf HTTP/1.1\r\n] 
     [Severity level: Chat] 
     [Group: Sequence] 
    Request Method: OPTIONS 
    Request URI: /rest/conf 
    Request Version: HTTP/1.1 
Host: 10.25.148.164\r\n 
Connection: keep-alive\r\n 
Access-Control-Request-Method: POST\r\n 
Origin: http://10.120.22.225:3000\r\n 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36\r\n 
Access-Control-Request-Headers: authorization\r\n 
Accept: */*\r\n 
Referer: http://10.120.22.225:3000/myapp/1/edit?\r\n 
Accept-Encoding: gzip, deflate, sdch\r\n 
Accept-Language: en-US,en;q=0.8\r\n 
\r\n 
[Full request URI: http://10.25.148.164/rest/conf] 
[HTTP request 1/1] 
[Response in frame: 14]

但是,如果我把從郵差它工作的POST,和Wireshark數據包捕獲顯示以下

Hypertext Transfer Protocol 
POST /rest/conf HTTP/1.1\r\n 
Host: 10.25.148.164\r\n 
Connection: keep-alive\r\n 
Content-Length: 0\r\n 
Accept: application/json\r\n 
Cache-Control: no-cache\r\n 
Origin: chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop\r\n 
Authorization: Basic <original_string_removed_from_here>\r\n 
    Credentials: myusername:mypassword 
Content-Type: application/json\r\n 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36\r\n 
Postman-Token: 4ec1726d-dced-eede-625b-17f9b8f3e0fe\r\n 
Accept-Encoding: gzip, deflate\r\n 
Accept-Language: en-US,en;q=0.8\r\n 
\r\n 
[Full request URI: http://10.25.148.164/rest/conf] 
[HTTP request 1/1] 
[Response in frame: 19]

我試過window.btoa代替BTOA,我嘗試添加

xhr.setRequestHeader('Content-Type', 'application/json'); 
xhr.setRequestHeader('Accept', 'application/json');

,但毫無效果。

任何人都可以告訴我我錯過了什麼?

更新1

我用了一個臨時服務器並啓用訪問控制允許來源:*,但反應仍然是401未授權

Hypertext Transfer Protocol 
HTTP/1.1 401 Unauthorized\r\n 
    [Expert Info (Chat/Sequence): HTTP/1.1 401 Unauthorized\r\n] 
     [HTTP/1.1 401 Unauthorized\r\n] 
     [Severity level: Chat] 
     [Group: Sequence] 
    Request Version: HTTP/1.1 
    Status Code: 401 
    Response Phrase: Unauthorized 
Access-Control-Allow-Origin: *\r\n 
Content-Type: application/json\r\n 
Vyatta-Specification-Version: 0.3\r\n 
Cache-Control: no-cache\r\n 
Content-Length: 47\r\n 
    [Content length: 47] 
Date: Sat, 10 Dec 2016 02:25:48 GMT\r\n 
Server: lighttpd/1.4.35\r\n 
\r\n 
[HTTP response 1/1] 
[Time since request: 0.000526000 seconds] 
[Request in frame: 19] 
File Data: 47 bytes

JavaScript對象符號:應用/ JSON

來源

2016-12-07 rh4games

回答

0

這是一個跨源的瀏覽器請求,如果是的話,這將作爲安全措施被阻止,你從哪裏發起請求我可以得到的URL和任何其他數據可能是有用的和對不起張貼此作爲一個答案不能發表評論,希望這是有益的

PS-如果你有一個臨時的URL從那裏試試吧上傳代碼後,可能工作

來源

2016-12-07 05:38:11

+0

我看到你的請求的淵源考爲 –

+0

「原產地:http://10.120.22.225:3000\r\n'和postman的起源是'Origin:chrome-extension:// fhbjgbiflinjbdggehcddcbncdddomop \ r \ n'事情是你需要一個有效的來源,如果你有一個臨時服務器檢查它從那裏最有可能它會工作,因爲登臺服務器具有所需的安全證書 –

+0

也如果這是不可用的,你可以嘗試添加http頭允許交叉來源請求嘗試這[鏈接](http://stackoverflow.com/ question/10636611/how-do-access-control-allow-origin-header-work) –

相關問題

 相關問題