问题描述
我试图在我的Angular前端的http请求中添加一个Authorization标头,但它不起作用:后端未收到此标头。
在Chrome的控制台上观看时,我可以看到该请求包含标题。
当我使用Postman时,标题在后端是可以的。
这是邮递员的屏幕截图:
这是我的角拦截器:
intercept(request: HttpRequest<any>,next: HttpHandler):
Observable<HttpEvent<any>> {
if (!request.url.startsWith('http')) {
if (localStorage.getItem('token')) {
let headers: HttpHeaders = request.headers;
headers = headers.set('Authorization','Bearer ' +
localStorage.getItem('token'));
request = request.clone({
url: environment.backendUrl + request.url,headers
});
}
}
console.log("headers are : ",request.headers);
return next.handle(request).pipe(catchError((error:
HttpErrorResponse) =>
{
[...]
})) as any;
}
这是我的Spring过滤器:
public void doFilter(ServletRequest servletRequest,ServletResponse servletResponse,FilterChain chain) throws IOException,servletexception {
final HttpServletRequest request = (HttpServletRequest) servletRequest;
final HttpServletResponse response = (HttpServletResponse) servletResponse;
// Assume we have only one Authorization header value
final Optional<String> token = Optional.ofNullable(request.getHeader(HttpHeaders.AUTHORIZATION));
// Optional is empty
[...]
}
解决方法
您必须在后端的Access-Control-Allow-Headers中添加Authorization标头密钥
Access-Control-Allow-Headers:授权(当您这样给出时,它仅接受指定的标头。如果您要接受其他密钥(例如授权),则必须提及该密钥名称)
或
您也可以这样给
访问控制允许标题:*
,我的问题出在WebSecurityConfig上,我忘记为此启用CORS了:
http
.cors().and()