当我调用端点时,我的 headers 没有发送到我的后端
My headers are not sent to my backend when I call the endpoints
我正在尝试调用我的 firebase 函数托管后端的 api 端点,但我遇到了困难。
这是我端点的代码:
app.post("/hello", (req,res) => {
console.log(req.headers);
res.status(200).json({
message: "Hello"
})
})
我还设置了一个带有中间件的身份验证令牌检查,如下所示:
app.use(validateFirebaseIdToken);
const validateFirebaseIdToken = async (req,res,next) => {
console.log(req);
functions.logger.log('Check if request is authorized with Firebase ID token');
if ((!req.headers.authorization || !req.headers.authorization.startsWith('Bearer ')) &&
!(req.cookies && req.cookies.__session)) {
functions.logger.error(
'No Firebase ID token was passed as a Bearer token in the Authorization header.',
'Make sure you authorize your request by providing the following HTTP header:',
'Authorization: Bearer <Firebase ID Token>',
'or by passing a "__session" cookie.'
);
res.status(403).send('Unauthorized');
return;
}
let idToken;
if (req.headers.authorization && req.headers.authorization.startsWith('Bearer ')) {
functions.logger.log('Found "Authorization" header');
// Read the ID Token from the Authorization header.
idToken = req.headers.authorization.split('Bearer ')[1];
} else if(req.cookies) {
functions.logger.log('Found "__session" cookie');
// Read the ID Token from cookie.
idToken = req.cookies.__session;
} else {
// No cookie
res.status(403).send('Unauthorized');
return;
}
try {
const decodedIdToken = await admin.auth().verifyIdToken(idToken);
functions.logger.log('ID Token correctly decoded', decodedIdToken);
req.user = decodedIdToken;
next();
return;
} catch (error) {
functions.logger.error('Error while verifying Firebase ID token:', error);
res.status(403).send('Unauthorized');
return;
}
}
在我的 axios 请求中,我这样做了:
const headerAPI = {
withCredentials: true,
Authorization: `Bearer ${myToken}`
}
allInfo = await axios.post('http://localhost:5001/stormtestfordota/europe-west1/api/hello', headerAPI);
但即使我输入了正确的身份验证令牌,我也会在控制台中收到它
{"severity":"INFO","message":"Check if request is authorized with Firebase ID token"}
{"severity":"ERROR","message":"No Firebase ID token was passed as a Bearer token in the Authorization header. Make sure you authorize your request by providing the following HTTP header: Authorization: Bearer or by passing a "__session" cookie."}
在我的浏览器中我得到这个错误:
Access to XMLHttpRequest at 'http://localhost:5001/stormtestfordota/europe-west1/api/hello' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
即使我为 localhost:3000 启用了 CORS 策略。
你知道为什么会这样吗?
我的后端 CORS 有问题。我必须设置一个白名单并添加我的前端的 IP 地址。
我正在尝试调用我的 firebase 函数托管后端的 api 端点,但我遇到了困难。
这是我端点的代码:
app.post("/hello", (req,res) => {
console.log(req.headers);
res.status(200).json({
message: "Hello"
})
})
我还设置了一个带有中间件的身份验证令牌检查,如下所示:
app.use(validateFirebaseIdToken);
const validateFirebaseIdToken = async (req,res,next) => {
console.log(req);
functions.logger.log('Check if request is authorized with Firebase ID token');
if ((!req.headers.authorization || !req.headers.authorization.startsWith('Bearer ')) &&
!(req.cookies && req.cookies.__session)) {
functions.logger.error(
'No Firebase ID token was passed as a Bearer token in the Authorization header.',
'Make sure you authorize your request by providing the following HTTP header:',
'Authorization: Bearer <Firebase ID Token>',
'or by passing a "__session" cookie.'
);
res.status(403).send('Unauthorized');
return;
}
let idToken;
if (req.headers.authorization && req.headers.authorization.startsWith('Bearer ')) {
functions.logger.log('Found "Authorization" header');
// Read the ID Token from the Authorization header.
idToken = req.headers.authorization.split('Bearer ')[1];
} else if(req.cookies) {
functions.logger.log('Found "__session" cookie');
// Read the ID Token from cookie.
idToken = req.cookies.__session;
} else {
// No cookie
res.status(403).send('Unauthorized');
return;
}
try {
const decodedIdToken = await admin.auth().verifyIdToken(idToken);
functions.logger.log('ID Token correctly decoded', decodedIdToken);
req.user = decodedIdToken;
next();
return;
} catch (error) {
functions.logger.error('Error while verifying Firebase ID token:', error);
res.status(403).send('Unauthorized');
return;
}
}
在我的 axios 请求中,我这样做了:
const headerAPI = {
withCredentials: true,
Authorization: `Bearer ${myToken}`
}
allInfo = await axios.post('http://localhost:5001/stormtestfordota/europe-west1/api/hello', headerAPI);
但即使我输入了正确的身份验证令牌,我也会在控制台中收到它
{"severity":"INFO","message":"Check if request is authorized with Firebase ID token"} {"severity":"ERROR","message":"No Firebase ID token was passed as a Bearer token in the Authorization header. Make sure you authorize your request by providing the following HTTP header: Authorization: Bearer or by passing a "__session" cookie."}
在我的浏览器中我得到这个错误:
Access to XMLHttpRequest at 'http://localhost:5001/stormtestfordota/europe-west1/api/hello' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
即使我为 localhost:3000 启用了 CORS 策略。
你知道为什么会这样吗?
我的后端 CORS 有问题。我必须设置一个白名单并添加我的前端的 IP 地址。