Accessing API data using HMAC authentication


Problem description

I have api_key, secret and I have to hash the signature to sha256. The signature = api_key+secret+utctimestamp. I am using Crypto.Js for hashing. I am getting the following error

XMLHttpRequest cannot load "HOST LINK". No
'Access-Control-Allow-Origin' header is present on the requested resource. Origin localhost is therefore not allowed access

Following is my code

<script>
var app = (function ($) {

    var baseURL = 'http://xyz.herokuapp.com/api/v1';
    var apiSecretKey = 'ABC';
    var apiKey = '123';

    // Wire the login button to the login request
    var init = function () {
        $('#login').on('click', function (e) {
            e.preventDefault();
            login();
        });
    };

    var login = function () {
        var u = encodeURIComponent($('#username').val());
        var p = encodeURIComponent($('#password').val());

        $.ajax({
            type: "POST",
            url: baseURL + "/login",
            contentType: "application/json; charset=utf-8",
            dataType: "json",
            data: JSON.stringify({email: u, password: p}),
            beforeSend: function (request) {
                // Custom request headers sent with the login call
                request.setRequestHeader('Access-Control-Allow-Origin', 'http://localhost');
                request.setRequestHeader('X-HASH', getHMAC(apiKey, timestamp));
            },
            success: function (data) {
                $('.loggedIn').show();
                console.log(data);
                $('.loggedIn .name').text("Hello ");
            },
            error: function (errorMessage) {
                alert('Error logging in');
            }
        });
    };

    // Timestamp in seconds, computed once when the script loads
    var timestamp = new Date().getTime() / 1000;

    // Hex SHA-256 digest of key + timestamp + secret
    var getHMAC = function (key, timestamp) {
        var hash = CryptoJS.SHA256(key + timestamp + apiSecretKey);
        return hash.toString();
    };

    return {
        init: init
    };
})(jQuery);

app.init();
</script>

Is the error due to wrong hashing or a CORS problem? This is the first time I am using HMAC authentication, and I don't know if I am doing it right or wrong.

Google developer tools give me this information

REQUEST Method: OPTION
Status Code: 200 Ok

Request Header
Access-Control-Request-Headers: access-control-allow-origin, accept, content-type, x-hash
Access-Control-Request-Method: POST

Response Header
Allow: DELETE, POST, OPTIONS
Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=utf-8
Date: Mon, 04 Aug 2014 21:30:06 GMT
Server: gunicorn/18.0
Via: 1.1 vegur
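
The preflight exchange quoted above can be checked mechanically. This added example (not part of the original question) applies a simplified version of the browser's CORS preflight rules to those headers; `checkPreflight`, `parseList`, `getHeader` and the `SAFELISTED` list are hypothetical names, and credentialed requests are not modelled.

```javascript
// Added example, not code from the original post. Header values in
// pageRequest/pageResponse are copied from the exchange quoted in the question.
var SAFELISTED = ['accept', 'accept-language', 'content-language']; // simplified

function parseList(value) {
  return (value || '').split(',')
    .map(function (s) { return s.trim().toLowerCase(); })
    .filter(Boolean);
}

function getHeader(headers, name) { // case-insensitive header lookup
  var key = Object.keys(headers).find(function (k) {
    return k.toLowerCase() === name;
  });
  return key === undefined ? undefined : headers[key];
}

// Returns the reasons a browser would reject the preflight (empty = allowed).
// Assumes a request without credentials, so "*" is accepted as a wildcard.
function checkPreflight(origin, request, response) {
  var problems = [];
  var allowOrigin = getHeader(response, 'access-control-allow-origin');
  if (allowOrigin === undefined) {
    problems.push('no Access-Control-Allow-Origin in response');
  } else if (allowOrigin !== '*' && allowOrigin !== origin) {
    problems.push('Access-Control-Allow-Origin does not match ' + origin);
  }
  // The plain "Allow" header is ignored by CORS; only Access-Control-* counts.
  // POST is a CORS-safelisted method, so no method check is needed for it.
  var allowed = parseList(getHeader(response, 'access-control-allow-headers'));
  parseList(getHeader(request, 'access-control-request-headers'))
    .filter(function (h) { return SAFELISTED.indexOf(h) === -1; })
    .forEach(function (h) {
      if (allowed.indexOf('*') === -1 && allowed.indexOf(h) === -1) {
        problems.push('request header not allowed: ' + h);
      }
    });
  return problems;
}

var pageRequest = {
  'Access-Control-Request-Headers': 'access-control-allow-origin, accept, content-type, x-hash',
  'Access-Control-Request-Method': 'POST'
};
var pageResponse = { 'Allow': 'DELETE, POST, OPTIONS', 'Content-Length': '0',
  'Content-Type': 'text/html; charset=utf-8', 'Server': 'gunicorn/18.0' };

console.log(checkPreflight('http://localhost', pageRequest, pageResponse));
```

For the quoted exchange the function reports the missing `Access-Control-Allow-Origin` response header plus three request headers the server never allowed, one of which is the `Access-Control-Allow-Origin` header the client itself sets in `beforeSend`.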

Recommended answer





09-09 11:36