Problem description
I have a web api 2 app which I call to using an angularjs client. The web api app is capable of issuing access tokens and refresh tokens for authentication.
Having the following lines in the "GrantResourceOwnersCredentials" method, the CORS is working fine for allowing to issue access tokens:
    var allowedOrigin = context.OwinContext.Get<string>("as:clientAllowedOrigin");
    if (allowedOrigin == null) allowedOrigin = "*";
    context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
However, when I try to issue refresh tokens through the angularjs app, I get this good old error in the console:
OPTIONS http://localhost:65141/token
(index):1 XMLHttpRequest cannot load http://localhost:65141/token. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:56815' is therefore not allowed access. The response had HTTP status code 400.
I was wondering as the access tokens are being issued fine, and the refresh tokens are also issued using the same endpoint, what should I do to overcome this issue?
By the way, the angular code is fine. I disabled google chrome web security and then everything worked! Any help is greatly appreciated!
Recommended answer
After searching the whole freaking internet, here is what I found that resolves the problem. Adding this code to the AuthorizationProvider will resolve the problem:
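    public override Task MatchEndpoint(OAuthMatchEndpointContext context)
    {
        // Answer the browser's CORS preflight (OPTIONS) for the token endpoint here,
        // before the OAuth middleware rejects it as an invalid token request.
        if (context.IsTokenEndpoint && context.Request.Method == "OPTIONS")
        {
            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Headers", new[] { "authorization" });
            // Mark the request as fully handled so no further processing runs.
            context.RequestCompleted();
            return Task.FromResult(0);
        }
        return base.MatchEndpoint(context);
    }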
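
A tighter variant of the override above, added here as an example and not part of the original answer: it echoes the request's Origin only when that origin is on an allow-list instead of returning `*` from the token endpoint. The class name `AllowListCorsProvider`, the helper `TryAddCorsHeaders` and the origin list are assumptions; the sample origin is the one from the error message in the question.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;

// Added example; class name, helper and origin list are hypothetical.
public class AllowListCorsProvider : OAuthAuthorizationServerProvider
{
    // Constructed sample: the client origin shown in the question's error message.
    private static readonly HashSet<string> AllowedOrigins =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "http://localhost:56815" };

    // Writes Access-Control-Allow-Origin only for an allow-listed Origin.
    private static bool TryAddCorsHeaders(IOwinContext owin)
    {
        var origin = owin.Request.Headers.Get("Origin");
        // The response now depends on Origin, so caches must key on it.
        owin.Response.Headers.Append("Vary", "Origin");
        if (origin == null || !AllowedOrigins.Contains(origin)) return false;
        owin.Response.Headers.Set("Access-Control-Allow-Origin", origin);
        return true;
    }

    public override Task MatchEndpoint(OAuthMatchEndpointContext context)
    {
        if (context.IsTokenEndpoint && context.Request.Method == "OPTIONS")
        {
            if (TryAddCorsHeaders(context.OwinContext))
            {
                var headers = context.OwinContext.Response.Headers;
                headers.Set("Access-Control-Allow-Methods", "POST");
                headers.Set("Access-Control-Allow-Headers", "authorization");
            }
            // Preflight ends here; an unlisted origin gets no CORS headers.
            context.RequestCompleted();
            return Task.FromResult(0);
        }
        return base.MatchEndpoint(context);
    }

    // grant_type=refresh_token runs here, not in GrantResourceOwnerCredentials.
    public override Task GrantRefreshToken(OAuthGrantRefreshTokenContext context)
    {
        TryAddCorsHeaders(context.OwinContext);
        return base.GrantRefreshToken(context);
    }
}
```

If CORS headers are also written elsewhere in the pipeline for `/token`, remove one of the two sources, since browsers reject a response carrying more than one `Access-Control-Allow-Origin` value.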