浏览器中的空 HTTP 响应 headers 但在 POSTMAN 中填写
Empty HTTP response headers in browser but filled in POSTMAN
我创建了一个带有 React 前端的 Spring 引导后端。
当我通过浏览器向后端发送 HTTP 请求时,我收到了一个
响应为空 headers.
- Browser response with empty headers
当我通过 POSTMAN 工具发送 HTTP 请求时,我被填满了 headers!
- POSTMAN response with fullfilled headers
这对我来说没有意义。
代码: https://github.com/The-Taskmanager/SelfServiceWebwizard
后端映射
@PostMapping("/signin")
public ResponseEntity<?> authenticateUser(@Valid @RequestBody LoginRequest loginRequest) {
Authentication authentication = authenticationManager.authenticate(
new UsernamePasswordAuthenticationToken(
loginRequest.getUsernameOrEmail(),
loginRequest.getPassword()
)
);
SecurityContextHolder.getContext().setAuthentication(authentication);
String jwt = tokenProvider.generateToken(authentication);
HttpHeaders headers = new HttpHeaders();
headers.add("Mustermann", "Max");
headers.add("Content-Type", "application/json");
headers.add("Authorization", new JwtAuthenticationResponse(jwt).getAccessToken());
return ResponseEntity.ok().headers(headers).body(new JwtAuthenticationResponse(jwt));
}
前端请求
login(username: string, password: string) {
fetch('http://localhost:8080/api/auth/signin', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
"usernameOrEmail": username,
"password": password
})
}).then(response => {
console.log(response);
console.log(response.text());
console.log(response.headers);
})
.catch(error => console.error(error));
}
更新 1:
添加了此方法,但浏览器中的 headers 仍然为空:
CorsConfigurationSource corsConfigurationSource() {
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration().applyPermitDefaultValues();
source.registerCorsConfiguration("/**", config);
return source;
}
更新2:
当我用 React 请求时,Spring Boot 显示这个错误:
ERROR 8876 --- [nio-8080-exec-4] c.s.jwt.JwtAuthenticationEntryPoint: Responding with unauthorized error. Message - full authentication is required to access this resource
浏览器控制台:
当我用 Postman 请求时,Spring 启动时没有显示错误。
更新3:
Request-header 由 React 发送:
{
host=[localhost:8080],
content-type=[application/json],
cache-control=[no-cache],
user-agent=[Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0],
accept-encoding=[gzip, deflate],
content-length=[58],
referer=[http://localhost:8080/],
origin=[http://localhost:8080],
dnt=[1],
connection=[keep-alive],
accept-language=[de,en-US;q=0.7,en;q=0.3],
accept=[*/*]
}
Request-header POSTMAN 从 POSTMAN 控制台发送:
host:"localhost:8080"
content-type:"application/json"
cache-control:"no-cache"
user-agent:"PostmanRuntime/7.1.5"
accept-encoding:"gzip, deflate"
content-length:68
postman-token:"b00fd7a8-bd34-4a32-8681-990b04012e3b"
cookie:"JSESSIONID=2CAEC9280432DD13AABA53B73B7874AC"
accept:"*/*"
自己解决了
更改了前端获取方法中的代码
console.log(response.headers)
// changed to:
console.log(response.headers.get('Authorization')
所以 headers 一直都在那里,但我无法使用 React 在浏览器控制台中记录它们。
然而 UPDATE2 中存在 Spring 引导(完全身份验证)和浏览器 (401) 错误。不知道这是从哪里来的。
我创建了一个带有 React 前端的 Spring 引导后端。
当我通过浏览器向后端发送 HTTP 请求时,我收到了一个 响应为空 headers.
- Browser response with empty headers
当我通过 POSTMAN 工具发送 HTTP 请求时,我被填满了 headers!
- POSTMAN response with fullfilled headers
这对我来说没有意义。
代码: https://github.com/The-Taskmanager/SelfServiceWebwizard
后端映射
@PostMapping("/signin")
public ResponseEntity<?> authenticateUser(@Valid @RequestBody LoginRequest loginRequest) {
Authentication authentication = authenticationManager.authenticate(
new UsernamePasswordAuthenticationToken(
loginRequest.getUsernameOrEmail(),
loginRequest.getPassword()
)
);
SecurityContextHolder.getContext().setAuthentication(authentication);
String jwt = tokenProvider.generateToken(authentication);
HttpHeaders headers = new HttpHeaders();
headers.add("Mustermann", "Max");
headers.add("Content-Type", "application/json");
headers.add("Authorization", new JwtAuthenticationResponse(jwt).getAccessToken());
return ResponseEntity.ok().headers(headers).body(new JwtAuthenticationResponse(jwt));
}
前端请求
login(username: string, password: string) {
fetch('http://localhost:8080/api/auth/signin', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
"usernameOrEmail": username,
"password": password
})
}).then(response => {
console.log(response);
console.log(response.text());
console.log(response.headers);
})
.catch(error => console.error(error));
}
更新 1: 添加了此方法,但浏览器中的 headers 仍然为空:
CorsConfigurationSource corsConfigurationSource() {
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration().applyPermitDefaultValues();
source.registerCorsConfiguration("/**", config);
return source;
}
更新2:
当我用 React 请求时,Spring Boot 显示这个错误:
ERROR 8876 --- [nio-8080-exec-4] c.s.jwt.JwtAuthenticationEntryPoint: Responding with unauthorized error. Message - full authentication is required to access this resource
浏览器控制台:
当我用 Postman 请求时,Spring 启动时没有显示错误。
更新3:
Request-header 由 React 发送:
{
host=[localhost:8080],
content-type=[application/json],
cache-control=[no-cache],
user-agent=[Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0],
accept-encoding=[gzip, deflate],
content-length=[58],
referer=[http://localhost:8080/],
origin=[http://localhost:8080],
dnt=[1],
connection=[keep-alive],
accept-language=[de,en-US;q=0.7,en;q=0.3],
accept=[*/*]
}
Request-header POSTMAN 从 POSTMAN 控制台发送:
host:"localhost:8080"
content-type:"application/json"
cache-control:"no-cache"
user-agent:"PostmanRuntime/7.1.5"
accept-encoding:"gzip, deflate"
content-length:68
postman-token:"b00fd7a8-bd34-4a32-8681-990b04012e3b"
cookie:"JSESSIONID=2CAEC9280432DD13AABA53B73B7874AC"
accept:"*/*"
自己解决了
更改了前端获取方法中的代码
console.log(response.headers)
// changed to:
console.log(response.headers.get('Authorization')
所以 headers 一直都在那里,但我无法使用 React 在浏览器控制台中记录它们。
然而 UPDATE2 中存在 Spring 引导(完全身份验证)和浏览器 (401) 错误。不知道这是从哪里来的。