我有一个工作环境:
django==1.10
django-rest-framework==3.5.3
djangorestframework-jsonapi==2.1.1
channels
(最新的)daphne
(最新)而不是gunicorn
.
我在docker 环境中nginx
用作上面的代理服务器。daphne
我正在构建一个angular 2
连接到上述后端的单独 SPA,并且我正在使用django-cors-headers==2.0.2
它来允许来自该 Web 应用程序的连接。
它适用于:USE_I18N = False
当我设置 Django 的USE_I18N = False
. 当尝试对后端进行身份验证时,我发送一个 POST 请求,相当于:
curl -H "Content-Type: application/vnd.api+json" -X POST -d '{"data": {"type": "obtainJSONWebTokens", "attributes": {"email":"admin@email.com", "password":"password"}}}' http://localhost/api/auth/login/ --verbose
卷曲的输出:
* Trying ::1...
* Connected to localhost (::1) port 80 (#0)
> POST /api/auth/login/ HTTP/1.1
> Host: localhost
> User-Agent: curl/7.49.0
> Accept: */*
> Content-Type: application/vnd.api+json
> Content-Length: 107
>
* upload completely sent off: 107 out of 107 bytes
< HTTP/1.1 200 OK
< Server: nginx/1.11.9
< Date: Mon, 20 Mar 2017 13:00:47 GMT
< Content-Type: application/vnd.api+json
< Transfer-Encoding: chunked
< Connection: keep-alive
< Allow: POST, OPTIONS
< X-Frame-Options: SAMEORIGIN
< Content-Language: en
< Vary: Accept, Accept-Language, Cookie
<
{"data":{"token":"<token>"}}
* Connection #0 to host localhost left intact
我收到了我应该收到的 JWT 令牌。一切正常。
它失败了:USE_I18N = True
但是,相同的连接在USE_I18N = True
.
卷曲的输出:
* Trying ::1...
* Connected to localhost (::1) port 80 (#0)
> POST /api/auth/login/ HTTP/1.1
> Host: localhost
> User-Agent: curl/7.49.0
> Accept: */*
> Content-Type: application/vnd.api+json
> Content-Length: 107
* upload completely sent off: 107 out of 107 bytes
< HTTP/1.1 302 Found
< Server: nginx/1.11.9
< Date: Mon, 20 Mar 2017 12:53:49 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Location: /en/api/auth/login/
< Vary: Cookie
<
* Connection #0 to host localhost left intact
客户端返回的错误是:
XMLHttpRequest cannot load http://localhost/api/auth/login/. Redirect from 'http://localhost/api/auth/login/' to 'http://localhost/en/api/auth/login/' has been blocked by CORS policy: Request requires preflight, which is disallowed to follow cross-origin redirect.
相关设置:
INSTALLED_APPS += (
'corsheaders',
)
if DEBUG is True:
CORS_ORIGIN_ALLOW_ALL = True
MIDDLEWARE_CLASSES = (
'corsheaders.middleware.CorsMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.locale.LocaleMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.contrib.admindocs.middleware.XViewMiddleware',
)
似乎不是客户端请求失败,而是从“ http://localhost/api/auth/login/ ”重定向到“ http://localhost/en/api/auth/login/ ”,Django在其中添加了'en' 到 URL。
有人可以对此有所了解吗?
我搜索了django-cors-headers
相关问题,但没有一个是针对这种与 I18N 明显不兼容的问题。该库在没有 I18N 的情况下工作正常,只是没有打开它。
编辑 2017-03-21
鉴于接受的答案中所述的限制,我选择简单地避免 Django 的语言 URL 重定向。在使用USE_I18N = True
时,我完全避免i18n_patterns
在根 URLconf 中。
事实上,Django Rest Framework 声明这是 API 客户端的最佳实践:
如果您想允许每个请求的语言首选项,您需要将其包含
django.middleware.locale.LocaleMiddleware
在您的MIDDLEWARE_CLASSES
设置中。您可以在 Django 文档中找到有关如何确定语言首选项的更多信息。供参考,方法是:
- 首先,它在请求的 URL 中查找语言前缀。
- 否则,它会
LANGUAGE_SESSION_KEY
在当前用户的会话中查找密钥。- 如果做不到这一点,它会寻找一个 cookie。
- 如果做不到这一点,它会查看
Accept-Language
HTTP 标头。- 否则,它将使用全局
LANGUAGE_CODE
设置。对于 API 客户端,最合适的通常是使用
Accept-Language
标头;除非使用会话身份验证,否则会话和 cookie 将不可用,通常更好的做法是更喜欢Accept-Language
API 客户端的标头而不是使用语言 URL 前缀。
因此,我保持上述设置相同,但在根目录中更改了以下内容URLconf
:
urlpatterns += i18n_patterns(
url(_(r'^api/$'), SwaggerSchemaView.as_view(), name='api'),
url(_(r'^api/account/'), include(account_patterns, namespace='account')),
url(_(r'^api/auth/'), include(auth_patterns, namespace='auth')),
url(_(r'^api/'), include('apps.party.api.urls', namespace='parties')),
url(_(r'^api/'), include('apps.i18n.api.urls', namespace='i18n')),
url(_(r'^api-auth/'), include('rest_framework.urls', namespace='rest_framework')),
url(_(r'^admin/'), include(admin_patterns)),
url(_(r'^docs/'), include('apps.docs.urls'))
)
到
urlpatterns += ([
url(_(r'^api/$'), SwaggerSchemaView.as_view(), name='api'),
url(_(r'^api/account/'), include(account_patterns, namespace='account')),
url(_(r'^api/auth/'), include(auth_patterns, namespace='auth')),
url(_(r'^api/'), include('apps.party.api.urls', namespace='parties')),
url(_(r'^api/'), include('apps.i18n.api.urls', namespace='i18n')),
url(_(r'^api-auth/'), include('rest_framework.urls', namespace='rest_framework')),
url(_(r'^admin/'), include(admin_patterns)),
url(_(r'^docs/'), include('apps.docs.urls'))]
)
所以,现在,做:
curl -H "Content-Type: application/vnd.api+json" -H "Accept-Language: pt" -X POST -d '{"data": {"type": "obtainJSONWebTokens", "attributes": {"email":"admin@email.com", "password":"password"}}}' http://localhost:8000/api/auth/login/ --verbose
以请求的语言返回预期的响应(请注意"Accept-Language: pt"
上面请求中包含的内容):
* Trying ::1...
* Connected to localhost (::1) port 8000 (#0)
> POST /api/auth/login/ HTTP/1.1
> Host: localhost:8000
> User-Agent: curl/7.49.0
> Accept: */*
> Content-Type: application/vnd.api+json
> Accept-Language: pt
> Content-Length: 107
>
* upload completely sent off: 107 out of 107 bytes
< HTTP/1.1 200 OK
< Transfer-Encoding: chunked
< Allow: POST, OPTIONS
< X-Frame-Options: SAMEORIGIN
< Vary: Accept, Accept-Language, Cookie
< Content-Language: pt
< Content-Type: application/vnd.api+json
<
{"data": {"token":"<token>"}}
* Connection #0 to host localhost left intact