3

I have written an API using Python EVE framework. While trying to access the API from an AngularJS app it shows an error as shown below :

XMLHttpRequest cannot load http://127.0.0.1:5000/user/jay3dec. Request header field Authorization is not allowed by Access-Control-Allow-Headers.

In order to correct the above error I added the following to the settings.py 

X_DOMAINS = '*'
X_HEADERS = 'Authorization'

Now the above error disappears and a new error shows in the console :

XMLHttpRequest cannot load http://127.0.0.1:5000/user/jay3dec. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8000' is therefore not allowed access.

But I have already added the X_DOMAINS = '*' in my settings.py .

Here is the angularjs code:

    $scope.validate = function() {

    var encodedUserNameAndPassword = Base64.encode($scope.username + ':' + $scope.password);

    $http.defaults.headers.put = {
        'Access-Control-Allow-Origin': '*',
        'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, OPTIONS',
        'Access-Control-Allow-Headers': '*'
    };
    $http.defaults.headers.common['Authorization'] = 'Basic ' + encodedUserNameAndPassword;

    $http({
        method: 'GET',
        url: 'http://127.0.0.1:5000/user/jay3dec'
    }).
    success(function(data, status, headers, config) {
        console.log(data);
    }).
    error(function(data, status, headers, config) {
        alert(data);

    });
}

Can any spot what may be the issue

4

5 回答 5

4

FWIW,我有类似的问题。

然后我了解到只有模式定义的 API 才会获得 X_DOMAINS 标头的效果。如果您使用类似的东西自行定义的 api app = Eve(settings=blah)@app.route()则不会受到 X_DOMAINS 标头的影响。因此,在这种情况下,您需要编写自己的装饰器。

于 2015-08-17T18:48:00.303 回答
3

Eve 仅在以下情况下才会触发 CORS 响应

  • 请求包含一个Origin标头
  • X_DOMAIN在您的配置文件中设置 ( settings.py)

由于后一个条件似乎已经满足,我会确保该请求是正确的 CORS 请求并且它包含一个Origin标头。

更新阅读下面的评论后, 我认为 Postman 限制了 Origin 标头。尝试使用 curl 代替:

curl -H "Origin: http://example.com" --verbose http://localhost:5000

设置X_DOMAIN为该*请求应返回如下内容:

< HTTP/1.0 200 OK
< Content-Type: application/json
< Content-Length: 141
< Access-Control-Allow-Origin: http://example.com
< Vary: Origin
< Access-Control-Allow-Headers:
< Access-Control-Expose-Headers:
< Access-Control-Allow-Methods: HEAD, OPTIONS, GET
< Access-Control-Allow-Max-Age: 21600
< Server: Eve/0.5 Werkzeug/0.9.6 Python/2.7.8
< Date: Thu, 15 Jan 2015 08:41:08 GMT

如果这可行,则服务器正在正确地服务 CORS 请求。然后,您可以X_HEADERS根据需要调整其他 CORS 服务器端设置。

于 2015-01-14T19:55:34.327 回答
3

您必须将前夕配置为。

X_DOMAINS = '*'
X_HEADERS = ['Authorization','Content-type']
and angular as 
$http.defaults.headers.common['Authorization'] = 'Basic ' + auth;

这对我有用。

于 2016-09-30T09:19:11.357 回答
0

您还需要在 AngularJS 应用程序上打开 CORS

var myApp = angular.module('myApp', [
    'myAppApiService']);

myApp.config(['$httpProvider', function($httpProvider) {
        $httpProvider.defaults.useXDomain = true;
        delete $httpProvider.defaults.headers.common['X-Requested-With'];
    }
]);

支持 CORS 的服务器必须响应具有多个访问控制标头的请求:

Access-Control-Allow-Origin: "*"

默认情况下,CORS 请求不使用 cookie。如果服务器包含此标头,那么我们可以通过将 withCredentials 选项设置为 true 来发送 cookie 以及我们的请求。

Access-Control-Allow-Credentials (optional)

如果我们将请求中的 withCredentials 选项设置为 true,但服务器没有响应此标头,则请求将失败,反之亦然。

于 2015-01-14T19:07:15.183 回答
0

我能够通过使用pip install flask-cors然后编辑我的 eve 应用程序来使用它来解决我的问题:

from flask.ext.cors import CORS
app = Eve()
CORS(app)
于 2017-11-28T23:50:42.570 回答