您的位置: 首页  >  技术问答  >  401取消授权("详细信息& quot;:"未提供身份验证凭据.& quot;)

401取消授权("详细信息& quot;:"未提供身份验证凭据.& quot;)

分类: 技术问答 2022-04-02 00:02:57

401取消授权("详细信息& quot;:"未提供身份验证凭据.& quot;)

问题描述:

我正在后端使用djoser的身份验证.当我通过具有内容类型和Authorization标头的邮递员在"/account/me/"处发出获取请求时,我得到了正确的响应.但是,当我尝试从我的有角度的客户端执行相同的请求时,出现 401 Unatuhorized("detail":未提供身份验证凭据.")错误.这是我的角度服务

i am using djoser's authentication at backend. when i make a get request at "/account/me/" through post man with content-type and Authorization header i am getting a correct response. But when i try to do same request from my angular client i get 401 Unatuhorized("detail":"Authentication credentials were not provided.") error. here is my angular service 

import { Injectable } from '@angular/core';
import {homeUrls} from "../../../utils/urls";
import {Http, RequestOptions, Headers Response} from '@angular/http';
import {HttpHeaders,} from "@angular/common/http";
@Injectable()
export class AdsService {
  private headers = new Headers();
  private token: string;
  constructor(private http: Http) {
    this.token = localStorage.getItem('token');
    console.log("token is " , this.token);
    //this.headers = new Headers({'Content-Type': 'application/json' , 'Authorization': 'Token ' + this.token });
     this.headers.append('Authorization', 'Token ' + this.token);
     this.headers.append('Content-Type', 'application/json');
    console.log(this.headers);
    this.getMe();
  }

  getMe(): Promise<any> {
    let options = new RequestOptions({ headers: this.headers });
      return this.http.get(homeUrls.User, options)
        .toPromise()
        .then(res=> {
          console.log("user is");
          console.log(res.json());
        });
  }

,这是网络"标签的标题窗口的屏幕截图.

and here is the screenshot of headers window of my network tab.

任何解决方案?

在进行预检请求时,将不包括诸如 Authorization 之类的自定义标头.

When doing a preflight requests, custom headers such as Authorization will not be included.

因此,如果您的服务器只希望经过身份验证的用户执行OPTIONS请求,那么您将最终总是收到401错误(因为标头将永远不会传递)

So, if your server expects only authenticated users to perform an OPTIONS requests, then you'll end up always getting 401 errors (since the headers will never be passed)

现在,我一点都不了解django,但是从这里的线程看来,这是一个已知问题

Now, I don't know django at all, but from this thread here it looks like a known issue

https://github.com/encode/django-rest-framework/issues/5616

也许可以尝试建议的解决方法,即使用自定义权限检查器,而不是使用django rest框架的默认值

Maybe try the suggested workaround, which is using a custom permission checker instead of using django rest framework's default

解决方法(来自上述线程)

Workaround (from above thread)

# myapp/permissions.py
from rest_framework.permissions import IsAuthenticated

class AllowOptionsAuthentication(IsAuthenticated):
    def has_permission(self, request, view):
        if request.method == 'OPTIONS':
            return True
        return request.user and request.user.is_authenticated

And in settings.py:

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework.authentication.TokenAuthentication',),
    'DEFAULT_PERMISSION_CLASSES': (
        'myapp.permissions.AllowOptionsAuthentication',
    )
}

相关推荐