Angular & Spring - Headers 未传递到后端
Angular & Spring - Headers not passed to backend
我正在尝试在我的 Angular front-end 的 http 请求中添加授权 header,但它不起作用:后端没有收到此 header.
当我在 Chrome 的控制台上观看时,我可以看到请求包含 header.
当我使用 Postman 时,后端的 header 没问题。
这是邮差截图:
这是我的 Angular 拦截器:
intercept(request: HttpRequest<any>, next: HttpHandler):
Observable<HttpEvent<any>> {
if (!request.url.startsWith('http')) {
if (localStorage.getItem('token')) {
let headers: HttpHeaders = request.headers;
headers = headers.set('Authorization', 'Bearer ' +
localStorage.getItem('token'));
request = request.clone({
url: environment.backendUrl + request.url, headers
});
}
}
console.log("headers are : ", request.headers);
return next.handle(request).pipe(catchError((error:
HttpErrorResponse) =>
{
[...]
})) as any;
}
这是我的 Spring 过滤器:
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
final HttpServletRequest request = (HttpServletRequest) servletRequest;
final HttpServletResponse response = (HttpServletResponse) servletResponse;
// Assume we have only one Authorization header value
final Optional<String> token = Optional.ofNullable(request.getHeader(HttpHeaders.AUTHORIZATION));
// Optional is empty
[...]
}
您必须在 Access-Control-Allow-Headers(在后端)
中添加授权 header 密钥
Access-Control-Allow-Headers:授权(当你这样给出它接受指定的 headers only.means 如果你想接受另一个像授权一样的密钥你必须提到那个密钥名称)
或
你也可以这样给
Access-Control-Allow-Headers: *
我的问题出在 WebSecurityConfig,我忘记启用 CORS 了:
http
.cors().and()
我正在尝试在我的 Angular front-end 的 http 请求中添加授权 header,但它不起作用:后端没有收到此 header.
当我在 Chrome 的控制台上观看时,我可以看到请求包含 header.
当我使用 Postman 时,后端的 header 没问题。
这是邮差截图:
这是我的 Angular 拦截器:
intercept(request: HttpRequest<any>, next: HttpHandler):
Observable<HttpEvent<any>> {
if (!request.url.startsWith('http')) {
if (localStorage.getItem('token')) {
let headers: HttpHeaders = request.headers;
headers = headers.set('Authorization', 'Bearer ' +
localStorage.getItem('token'));
request = request.clone({
url: environment.backendUrl + request.url, headers
});
}
}
console.log("headers are : ", request.headers);
return next.handle(request).pipe(catchError((error:
HttpErrorResponse) =>
{
[...]
})) as any;
}
这是我的 Spring 过滤器:
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
final HttpServletRequest request = (HttpServletRequest) servletRequest;
final HttpServletResponse response = (HttpServletResponse) servletResponse;
// Assume we have only one Authorization header value
final Optional<String> token = Optional.ofNullable(request.getHeader(HttpHeaders.AUTHORIZATION));
// Optional is empty
[...]
}
您必须在 Access-Control-Allow-Headers(在后端)
中添加授权 header 密钥Access-Control-Allow-Headers:授权(当你这样给出它接受指定的 headers only.means 如果你想接受另一个像授权一样的密钥你必须提到那个密钥名称)
或
你也可以这样给
Access-Control-Allow-Headers: *
我的问题出在 WebSecurityConfig,我忘记启用 CORS 了:
http
.cors().and()