yii2 rest api basic auth throws 401 unauthorized
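I am developing an API using Yii2 REST API basic auth. I developed it successfully on my local XAMPP server. I have deployed the code to a VPS running CentOS, but I receive the following unauthorized response: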
{
"name": "Unauthorized",
"message": "Your request was made with invalid credentials.",
"code": 0,
"status": 401,
"type": "yii\web\UnauthorizedHttpException"
}
I have set the headers correctly.
Response headers:
Connection →Keep-Alive
Content-Type →application/json; charset=UTF-8
Date →Fri, 05 May 2017 08:40:49 GMT
Keep-Alive →timeout=5, max=100
Server →Apache
Transfer-Encoding →chunked
Www-Authenticate →Basic realm="api"
X-Powered-By →PHP/5.6.30
my headers:
Authorization : Basic BVrVm3Ay0jg2XBr3TeITaClg
Content-Type : application/x-www-form-urlencoded
When I dump the headers, I do not see the Authorization header:
object(yii\web\HeaderCollection)#81 (1) {
["_headers":"yii\web\HeaderCollection":private]=>
array(10) {
["content-type"]=>
array(1) {
[0]=>
string(33) "application/x-www-form-urlencoded"
}
["accept"]=>
array(1) {
[0]=>
string(3) "*/*"
}
["accept-encoding"]=>
array(1) {
[0]=>
string(19) "gzip, deflate, sdch"
}
["accept-language"]=>
array(1) {
[0]=>
string(14) "en-US,en;q=0.8"
}
["cache-control"]=>
array(1) {
[0]=>
string(8) "no-cache"
}
["connection"]=>
array(1) {
[0]=>
string(10) "keep-alive"
}
["cookie"]=>
array(1) {
[0]=>
string(172) "_csrf=ed46321a4d6f68c815e71201a9d47fa4594bc7dc66346fe10111269e612fa24ea%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22afHivmMVT9TeQ24W-jwdIBu5sx4nA_hY%22%3B%7D"
}
["host"]=>
array(1) {
[0]=>
string(14) "104.238.73.161"
}
["postman-token"]=>
array(1) {
[0]=>
string(36) "b2123a9e-1585-5a44-4af1-dab9f12951c6"
}
["user-agent"]=>
array(1) {
[0]=>
string(113) "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.96 Safari/537.36"
}
}
}
Any idea why this happens on the remote server? Please help.
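This may be CSRF validation. In your controller, you can set:
public $enableCsrfValidation = false;
This will disable validation for every action of that controller.
If you want to dig further, there is more information here: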
https://yii2-cookbook.readthedocs.io/csrf/
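Hello to anyone who runs into this problem, I have found the solution.
I added the following line to the .htaccess file and the problem was solved.
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
I found the solution in the post below: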
https://github.com/yiisoft/yii2/issues/6631
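A diagnostic for the situation in the answer above, as an added example that is not code from the original posts or from Yii2: it reports which `$_SERVER`-style key, if any, carries the Basic credentials once the request reaches PHP. It assumes the cause is Apache not handing the `Authorization` header to PHP; the function name `locateBasicAuth`, the host name and the sample token are hypothetical.

```php
<?php
// Added example: report where (if anywhere) Basic credentials reach PHP.
// Takes a $_SERVER-style array so it can be run against constructed samples.
function locateBasicAuth(array $server)
{
    // Set by PHP itself when it receives the header (as under mod_php).
    if (isset($server['PHP_AUTH_USER'])) {
        return ['source' => 'PHP_AUTH_USER', 'user' => $server['PHP_AUTH_USER']];
    }
    // HTTP_AUTHORIZATION is the variable the SetEnvIf line sets; Apache adds
    // the REDIRECT_ prefix when a variable was set before an internal redirect.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (empty($server[$key]) || stripos($server[$key], 'Basic ') !== 0) {
            continue;
        }
        $decoded = base64_decode(trim(substr($server[$key], 6)), true);
        if ($decoded === false || strpos($decoded, ':') === false) {
            return ['source' => $key, 'user' => null, 'error' => 'malformed Basic value'];
        }
        // Split on the first colon only; never print or log the password part.
        list($user) = explode(':', $decoded, 2);
        return ['source' => $key, 'user' => $user];
    }
    return ['source' => null, 'user' => null, 'error' => 'header not passed to PHP'];
}

// Constructed samples (not taken from the question).
$samples = [
    'header not forwarded' => ['HTTP_HOST' => 'api.example.test'],
    'after SetEnvIf'       => ['HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('demo-token:')],
    'set before a rewrite' => ['REDIRECT_HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('demo-token:')],
    'mod_php'              => ['PHP_AUTH_USER' => 'demo-token', 'PHP_AUTH_PW' => ''],
];
foreach ($samples as $label => $server) {
    $r = locateBasicAuth($server);
    $source = $r['source'] ?: '-';
    $user = $r['user'] === null ? '-' : $r['user'];
    $error = isset($r['error']) ? $r['error'] : '';
    printf("%-22s source=%s user=%s %s\n", $label, $source, $user, $error);
}
```

On a live server, call `locateBasicAuth($_SERVER)` from a temporary endpoint before and after adding the `SetEnvIf` line, and remove the endpoint afterwards.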