问题描述
我试图用建立一个瓶API的网站,我使用烧瓶智威汤逊来提供令牌授权。结果
该authorizaiton工作正常,如果我做的Apache CORS(使用mod_headers中添加允许接入头,这样的
I'm trying to build a api site using Flask, and I am using Flask-jwt to provide token authorization.
The authorizaiton works fine if I do CORS in Apache ( using mod_headers to add Allow-Access headers, like this
标题设置访问控制允许来源*
不过,我想有更详细的访问控制,而不是只使用通配符。我看着烧瓶-CORS ,这是一个很好的包装,检查起源和发送标题。
现在我的路线看起来像这样(在Apache的设置无头操作)
However, I want to have more detailed access control instead of just using wildcard. and I looked at flask-cors, which is a nice wrapper to check origin and send the header.And now my route looks like this (and no header manipulation in apache settings)
@app.route('/protected/place')
@cross_origin(headers=['Content-Type']) # Send Access-Control-Allow-Headers
@jwt_required()
def my_view_func():
do something
但现在我不会得到访问控制标头来自服务器的响应,如果我做的javascript http请求。 (但是,如果我手动发布,喜欢做卷曲,我仍然可以看到交叉起源插件的工作和访问控制头)
But now I will not get the Access-Control headers response from the server if I make the http request from javascript. (However, if I manually post, like doing curl, i can still see the cross origin plugin working and the Access control headers)
当我删除 @jwt_required 包装,该包装cross_origin功能很好,它会给我答复。
施加jwt_required包装时,没有响应可从服务器中可以看出。
When I remove the @jwt_required wrapper, the cross_origin wrapper functions fine and it will give me response.when the jwt_required wrapper is applied, no response can be seen from the server.
我调试我的客户端页面铬。 BTW
I'm debugging my client page with chrome. BTW
我试图改变包装的顺序,但它并不能帮助。
I tried to change the order of the wrappers, but it doesn't help.
有没有可能,如果认证失败,cross_origin包装将不会发送接入控制头?
Is it possible that, if the authentication fails, the cross_origin wrapper will not send the Access Control headers?
两个包装的源头code:结果
烧瓶智威汤逊:结果
的
瓶-CORS:结果
the source code of the two wrappers :
flask-jwt:
https://github.com/mattupstate/flask-jwt/blob/master/flask_jwt/init.py
flask-cors:
https://github.com/wcdolphin/flask-cors/blob/master/flask_cors.py
推荐答案
挣扎了几个小时后,我终于发现了问题。希望它可以帮助其他人谁encouter同样的问题。结果
只需要包含授权中的头的说法(其中设置了接入控制允许标题字段)时,需要身份验证。结果
这样的结果
@ app.route('/保护/地方)
@cross_origin(标题= ['内容类型','授权'])#发送接入控制允许头
@jwt_required()
高清my_view_func():
做点什么
After struggling for many hours, I finally found the problem. Hope it helps others who encouter the same problem.
Just need to include Authorization in "headers" argument (which sets the Access-Control-Allow-Headers field) when authentication is needed.
Like this@app.route('/protected/place')@cross_origin(headers=['Content-Type','Authorization']) # Send Access-Control-Allow-Headers@jwt_required()def my_view_func(): do something
这篇关于当施加智威汤逊AUTH包装瓶-CORS包装不工作。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!