Angular 4:无法从响应中读取 headers - 不是 CORS 问题
Angular 4: unable to read headers from response - not a CORS issue
在服务器自动更新令牌的上下文中,我正在努力解决基础问题:从响应中获取 header 数据。
它似乎与 CORS 无关,因为我的 Node/express allwos Authorization/x-access-token 并相应地做出响应(参见下面的网络选项卡屏幕截图)。
我希望看到工作的第一步只是从响应中读取 header。查看我的代码,它是在文档中找到的样板。事件获取“Content-Length”returns null.
auth-service.ts
login(username:string, password:string):Observable<boolean>{
this.loggedIn = false;
return new Observable( (observer:Observer<boolean>) => {
const body = {user: username, pwd: password};
const url = this.config.API_ENDPOINT_PUBLIC_AUTH;
this.httpClient.post(url, body, {
responseType: 'text',
observe: "response"
}).first().subscribe(
(response:HttpResponse<string>) => {
// DEBUG
console.log(response.headers.get('Authorization'));
console.log(response.headers.get('X-Test-Header'));
console.log(response.headers.get('Content-length'));
this.token = response.headers.get('Authorization');
this.storeToken(this.token);
this.currentUser = username;
this.loggedIn = true;
this.authChanged$.next('auth');
observer.next(true);
},
(err) => observer.next(false),
() => {},
);
});
}
控制台输出:
null
null
null
将此与此请求的我的网络选项卡的内容进行比较:
不用说我的 HttpInterceptor 也不起作用 - 在响应中提供“授权”header 后,它使用该值作为新令牌。这是为了实现 auto-renewal 个令牌:
token.interceptor.ts
intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
const authService = this.injector.get(AuthService);
const token = authService.getToken();
if(token){
request = request.clone({
setHeaders: { 'x-access-token' : token }
});
}
return next.handle(request).do(
(event: HttpEvent<any>) => {
if (event instanceof HttpResponse) {
const response:HttpResponse<any> = (<HttpResponse<any>> event);
const authorizationHeader = response.headers.get('Authorization');
console.log('Authorization header value: ' + authorizationHeader);
if(authorizationHeader){
authService.setToken(authorizationHeader);
}
}
},
(err: any) => {
if (err instanceof HttpErrorResponse){
if (err.status === 401) {
this.router.navigate(['/']);
}
}
});
}
好的,这是答案:我正在使用 Node.js/Express 作为后端,即使 headers 在 Chrome 的网络选项卡中可见,它也不会让它们可供 Angular.
处理
"How comes they're visible yet cannot be used?"我还是不太清楚
配置您的 Node/Express 应用(查找评论 "SOLUTION HERE"):
function configureExpress(expressApp){
expressApp.use(bodyparser.urlencoded({ extended: true }));
expressApp.use(bodyparser.json());
// Middleware: Use CORS, add headers and allow methods
expressApp.use(expressMiddleware);
}
function expressMiddleware(req, res, next) {
// Request origin: Allow ALL
res.header("Access-Control-Allow-Origin", "*");
// Allowed headers
res.header("Access-Control-Allow-Headers",
"Origin"
+",X-Requested-With" // Dont allow AJAX CORS without server consent - see http://whosebug.com/questions/17478731/whats-the-point-of-the-x-requested-with-header
+",x-access-token"
+",Content-Type"
+",Authorization"
+",Accept"
);
// SOLUTION HERE
// Allow headers access
res.header("access-control-expose-headers",
",Authorization"
+",Content-Length"
);
// Allowed methods
res.header('Access-Control-Allow-Methods',
'GET,'
+',POST'
+',OPTIONS'
+',PUT,'
+',DELETE'
);
// Handle CORS requests: cross-domain/origin requests will begin with an OPTION request to the same endpoint.
if('OPTIONS' === req.method){
res.sendStatus(200);
}
else{
// Request validations complete
next();
}
}
添加更多相关信息的答案
我正在使用 Angular 7 并且只是在 Access-Control-Expose-Headers 中添加自定义 header在 API 中对我不起作用。
这里的问题是自定义 header 必须小写,因为 Access-Control-Expose-Headers
中的逗号分隔值
示例(快递)
const cors = require('cors');
const corsOptions = {
allowedHeaders: 'x-custom-one,x-custom-two',
exposedHeaders: 'x-custom-one,x-custom-two'
}
app.use(cors(corsOptions));
在服务器自动更新令牌的上下文中,我正在努力解决基础问题:从响应中获取 header 数据。
它似乎与 CORS 无关,因为我的 Node/express allwos Authorization/x-access-token 并相应地做出响应(参见下面的网络选项卡屏幕截图)。
我希望看到工作的第一步只是从响应中读取 header。查看我的代码,它是在文档中找到的样板。事件获取“Content-Length”returns null.
auth-service.ts
login(username:string, password:string):Observable<boolean>{
this.loggedIn = false;
return new Observable( (observer:Observer<boolean>) => {
const body = {user: username, pwd: password};
const url = this.config.API_ENDPOINT_PUBLIC_AUTH;
this.httpClient.post(url, body, {
responseType: 'text',
observe: "response"
}).first().subscribe(
(response:HttpResponse<string>) => {
// DEBUG
console.log(response.headers.get('Authorization'));
console.log(response.headers.get('X-Test-Header'));
console.log(response.headers.get('Content-length'));
this.token = response.headers.get('Authorization');
this.storeToken(this.token);
this.currentUser = username;
this.loggedIn = true;
this.authChanged$.next('auth');
observer.next(true);
},
(err) => observer.next(false),
() => {},
);
});
}
控制台输出:
null
null
null
将此与此请求的我的网络选项卡的内容进行比较:
不用说我的 HttpInterceptor 也不起作用 - 在响应中提供“授权”header 后,它使用该值作为新令牌。这是为了实现 auto-renewal 个令牌:
token.interceptor.ts
intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
const authService = this.injector.get(AuthService);
const token = authService.getToken();
if(token){
request = request.clone({
setHeaders: { 'x-access-token' : token }
});
}
return next.handle(request).do(
(event: HttpEvent<any>) => {
if (event instanceof HttpResponse) {
const response:HttpResponse<any> = (<HttpResponse<any>> event);
const authorizationHeader = response.headers.get('Authorization');
console.log('Authorization header value: ' + authorizationHeader);
if(authorizationHeader){
authService.setToken(authorizationHeader);
}
}
},
(err: any) => {
if (err instanceof HttpErrorResponse){
if (err.status === 401) {
this.router.navigate(['/']);
}
}
});
}
好的,这是答案:我正在使用 Node.js/Express 作为后端,即使 headers 在 Chrome 的网络选项卡中可见,它也不会让它们可供 Angular.
处理"How comes they're visible yet cannot be used?"我还是不太清楚
配置您的 Node/Express 应用(查找评论 "SOLUTION HERE"):
function configureExpress(expressApp){
expressApp.use(bodyparser.urlencoded({ extended: true }));
expressApp.use(bodyparser.json());
// Middleware: Use CORS, add headers and allow methods
expressApp.use(expressMiddleware);
}
function expressMiddleware(req, res, next) {
// Request origin: Allow ALL
res.header("Access-Control-Allow-Origin", "*");
// Allowed headers
res.header("Access-Control-Allow-Headers",
"Origin"
+",X-Requested-With" // Dont allow AJAX CORS without server consent - see http://whosebug.com/questions/17478731/whats-the-point-of-the-x-requested-with-header
+",x-access-token"
+",Content-Type"
+",Authorization"
+",Accept"
);
// SOLUTION HERE
// Allow headers access
res.header("access-control-expose-headers",
",Authorization"
+",Content-Length"
);
// Allowed methods
res.header('Access-Control-Allow-Methods',
'GET,'
+',POST'
+',OPTIONS'
+',PUT,'
+',DELETE'
);
// Handle CORS requests: cross-domain/origin requests will begin with an OPTION request to the same endpoint.
if('OPTIONS' === req.method){
res.sendStatus(200);
}
else{
// Request validations complete
next();
}
}
添加更多相关信息的答案
我正在使用 Angular 7 并且只是在 Access-Control-Expose-Headers 中添加自定义 header在 API 中对我不起作用。
这里的问题是自定义 header 必须小写,因为 Access-Control-Expose-Headers
中的逗号分隔值示例(快递)
const cors = require('cors');
const corsOptions = {
allowedHeaders: 'x-custom-one,x-custom-two',
exposedHeaders: 'x-custom-one,x-custom-two'
}
app.use(cors(corsOptions));