非法响应 header Scala Spray 流水线
Illegal response header Scala Spray pipelining
当我尝试通过管道传输来自 Scala spray 的请求时,我遇到了以下错误
[play-akka.actor.default-dispatcher-14] INFO application - Pipelining chain request
[WARN] [03/19/2015 11:08:49.115] [application-akka.actor.default-dispatcher-2] [akka://application/user/IO-HTTP/group-0/0] Illegal response header: Illegal 'Access-Control-Allow-Origin' header: Unexpected end of input, expected $timesAccess$minusControl$minusAllow$minusOrigin (line 1, pos 1):
^
这里是我构建请求的地方:
val pipeline =
addCredentials(BasicHttpCredentials("API_KEY",
"API_SECRET")) ~> sendReceive
val response: Future[HttpResponse] = pipeline(Post(api,notification))
Logger.info("Pipelining chain request")
response
我对Access Control Allow Origin
了解不多。我是否需要向此请求添加某种 header 才能使其正常工作?
错误本身的意思是Access-Control-Allow-Origin
header wasn't parsed correctly (see grammar). This header is pretty new and allows Cross Origin Resource Sharing. Examples of normal Access-Control-Allow-Origin
(from here):
"Access-Control-Allow-Origin" in {
"Access-Control-Allow-Origin: *" =!= `Access-Control-Allow-Origin`(AllOrigins)
"Access-Control-Allow-Origin: null" =!= `Access-Control-Allow-Origin`(SomeOrigins(Nil))
"Access-Control-Allow-Origin: http://spray.io" =!= `Access-Control-Allow-Origin`(SomeOrigins(Seq("http://spray.io")))
}
我猜你可能使用了一些旧版本的spray,它不支持多源或者可能与this有关。无论如何,服务器 return 仅在请求中指定 Origin
header 时才会对此 header 进行响应(这意味着 CORS 启动),因此应该通过删除 Origin
header 来自它.
更新:这是您使用的 chain.com API 的错误。如果未指定 Origin
header,它们将 return Access-Control-Allow-Origin:
(空字符串)给您,因此无法解析:
> curl -v https://api.chain.com/v2/notifications -X POST
> POST /v2/notifications HTTP/1.1
> User-Agent: curl/7.41.0
> Host: api.chain.com
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS,HEAD
< Access-Control-Allow-Origin:
< Content-Type: text/plain; charset=utf-8
< Date: Sun, 22 Mar 2015 01:38:07 GMT
< Strict-Transport-Security: max-age=25920000; includeSubDomains
< Vary: Accept-Encoding
< Www-Authenticate: Basic realm="chain-api"
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< X-Xss-Protection: 1
< Content-Length: 47
< Connection: keep-alive
<
{"code":"CH004","message":"Must authenticate"}
您必须指定一些 Origin
作为解决方法:
>curl -v https://api.chain.com/v2/notifications -X POST -H "Origin: http://google.com"
> POST /v2/notifications HTTP/1.1
> User-Agent: curl/7.41.0
> Host: api.chain.com
> Accept: */*
> Origin: http://google.com
< HTTP/1.1 401 Unauthorized
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS,HEAD
< Access-Control-Allow-Origin: http://google.com
< Content-Type: text/plain; charset=utf-8
< Date: Sun, 22 Mar 2015 01:39:10 GMT
< Strict-Transport-Security: max-age=25920000; includeSubDomains
< Vary: Accept-Encoding
< Www-Authenticate: Basic realm="chain-api"
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< X-Xss-Protection: 1
< Content-Length: 47
< Connection: keep-alive
当我尝试通过管道传输来自 Scala spray 的请求时,我遇到了以下错误
[play-akka.actor.default-dispatcher-14] INFO application - Pipelining chain request
[WARN] [03/19/2015 11:08:49.115] [application-akka.actor.default-dispatcher-2] [akka://application/user/IO-HTTP/group-0/0] Illegal response header: Illegal 'Access-Control-Allow-Origin' header: Unexpected end of input, expected $timesAccess$minusControl$minusAllow$minusOrigin (line 1, pos 1):
^
这里是我构建请求的地方:
val pipeline =
addCredentials(BasicHttpCredentials("API_KEY",
"API_SECRET")) ~> sendReceive
val response: Future[HttpResponse] = pipeline(Post(api,notification))
Logger.info("Pipelining chain request")
response
我对Access Control Allow Origin
了解不多。我是否需要向此请求添加某种 header 才能使其正常工作?
错误本身的意思是Access-Control-Allow-Origin
header wasn't parsed correctly (see grammar). This header is pretty new and allows Cross Origin Resource Sharing. Examples of normal Access-Control-Allow-Origin
(from here):
"Access-Control-Allow-Origin" in {
"Access-Control-Allow-Origin: *" =!= `Access-Control-Allow-Origin`(AllOrigins)
"Access-Control-Allow-Origin: null" =!= `Access-Control-Allow-Origin`(SomeOrigins(Nil))
"Access-Control-Allow-Origin: http://spray.io" =!= `Access-Control-Allow-Origin`(SomeOrigins(Seq("http://spray.io")))
}
我猜你可能使用了一些旧版本的spray,它不支持多源或者可能与this有关。无论如何,服务器 return 仅在请求中指定 Origin
header 时才会对此 header 进行响应(这意味着 CORS 启动),因此应该通过删除 Origin
header 来自它.
更新:这是您使用的 chain.com API 的错误。如果未指定 Origin
header,它们将 return Access-Control-Allow-Origin:
(空字符串)给您,因此无法解析:
> curl -v https://api.chain.com/v2/notifications -X POST > POST /v2/notifications HTTP/1.1 > User-Agent: curl/7.41.0 > Host: api.chain.com > Accept: */* > < HTTP/1.1 401 Unauthorized < Access-Control-Allow-Credentials: true < Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS,HEAD < Access-Control-Allow-Origin: < Content-Type: text/plain; charset=utf-8 < Date: Sun, 22 Mar 2015 01:38:07 GMT < Strict-Transport-Security: max-age=25920000; includeSubDomains < Vary: Accept-Encoding < Www-Authenticate: Basic realm="chain-api" < X-Content-Type-Options: nosniff < X-Frame-Options: DENY < X-Xss-Protection: 1 < Content-Length: 47 < Connection: keep-alive < {"code":"CH004","message":"Must authenticate"}
您必须指定一些 Origin
作为解决方法:
>curl -v https://api.chain.com/v2/notifications -X POST -H "Origin: http://google.com" > POST /v2/notifications HTTP/1.1 > User-Agent: curl/7.41.0 > Host: api.chain.com > Accept: */* > Origin: http://google.com < HTTP/1.1 401 Unauthorized < Access-Control-Allow-Credentials: true < Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS,HEAD < Access-Control-Allow-Origin: http://google.com < Content-Type: text/plain; charset=utf-8 < Date: Sun, 22 Mar 2015 01:39:10 GMT < Strict-Transport-Security: max-age=25920000; includeSubDomains < Vary: Accept-Encoding < Www-Authenticate: Basic realm="chain-api" < X-Content-Type-Options: nosniff < X-Frame-Options: DENY < X-Xss-Protection: 1 < Content-Length: 47 < Connection: keep-alive