因为使用CORS和http认证与AngularJS可以是棘手的我编辑的问题,以分享一个学到的教训。首先我要感谢igorzg。他的答案帮了我很多。方案如下:您想使用AngularJS $ http服务将POST请求发送到其他域。在获取AngularJS和服务器设置时,有一些棘手的事情需要注意。
第一:
在您的应用程序配置中,您必须允许跨域调用
/** * Cors usage example. * @author Georgi Naumov * gonaumov@gmail.com for contacts and * suggestions. **/ app.config(function($httpProvider) { //Enable cross domain calls $httpProvider.defaults.useXDomain = true; });
第二:
您必须指定withCredentials:true和用户名和密码
请求。
/** * Cors usage example. * @author Georgi Naumov * gonaumov@gmail.com for contacts and * suggestions. **/ $http({ url: 'url of remote service',method: "POST",data: JSON.stringify(requestData),withCredentials: true,headers: { 'Authorization': 'Basic bashe64usename:password' } });
Т:
服务器设置。您必须提供:
/** * Cors usage example. * @author Georgi Naumov * gonaumov@gmail.com for contacts and * suggestions. **/ header("Access-Control-Allow-Credentials: true"); header("Access-Control-Allow-Origin: http://url.com:8080"); header("Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS"); header("Access-Control-Allow-Headers: Origin,X-Requested-With,Content-Type,Accept,Authorization");
对于每个请求。当您收到OPTION时,您必须通过:
/** * Cors usage example. * @author Georgi Naumov * gonaumov@gmail.com for contacts and * suggestions. **/ if($_SERVER['REQUEST_METHOD'] == 'OPTIONS') { header( "HTTP/1.1 200 OK" ); exit(); }
HTTP身份验证和其他所有事情。
这里是使用PHP的服务器端的完整示例。
<?PHP /** * Cors usage example. * @author Georgi Naumov * gonaumov@gmail.com for contacts and * suggestions. **/ header("Access-Control-Allow-Credentials: true"); header("Access-Control-Allow-Origin: http://url:8080"); header("Access-Control-Allow-Methods: GET,Authorization"); if($_SERVER['REQUEST_METHOD'] == 'OPTIONS') { header( "HTTP/1.1 200 OK" ); exit(); } $realm = 'Restricted area'; $password = 'somepassword'; $users = array('someusername' => $password); if (isset($_SERVER['PHP_AUTH_USER']) == false || isset($_SERVER['PHP_AUTH_PW']) == false) { header('WWW-Authenticate: Basic realm="My Realm"'); die('Not authorised'); } if (isset($users[$_SERVER['PHP_AUTH_USER']]) && $users[$_SERVER['PHP_AUTH_USER']] == $password) { header( "HTTP/1.1 200 OK" ); echo 'You are logged in!' ; exit(); } ?>
没有你不必输入凭证,你必须把头放在客户端例如:
$http({ url: 'url of service',data: {test : name },headers: { 'Content-Type': 'application/json; charset=utf-8' } });
并且在服务器端,你必须把头放到这里是nodejs的例子:
/** * On all requests add headers */ app.all('*',function(req,res,next) { /** * Response settings * @type {Object} */ var responseSettings = { "AccessControlAllowOrigin": req.headers.origin,"AccessControlAllowHeaders": "Content-Type,X-CSRF-Token,Accept-Version,Content-Length,Content-MD5,Date,X-Api-Version,X-File-Name","AccessControlAllowMethods": "POST,GET,OPTIONS","AccessControlAllowCredentials": true }; /** * Headers */ res.header("Access-Control-Allow-Credentials",responseSettings.AccessControlAllowCredentials); res.header("Access-Control-Allow-Origin",responseSettings.AccessControlAllowOrigin); res.header("Access-Control-Allow-Headers",(req.headers['access-control-request-headers']) ? req.headers['access-control-request-headers'] : "x-requested-with"); res.header("Access-Control-Allow-Methods",(req.headers['access-control-request-method']) ? req.headers['access-control-request-method'] : responseSettings.AccessControlAllowMethods); if ('OPTIONS' == req.method) { res.send(200); } else { next(); } });