url:飞行前响应中Access-Control-Allow-Headers不允许请求标头字段授权

时间:2019-06-14 11:37:22

标签: javascript node.js angular authorization express-jwt

我想使用授权令牌实现express-jwt。为此,我使用HttpHeaders编写了代码。但我收到此错误:

Request header field authorization is not allowed by Access-Control- 
Allow-Headers in preflight response.

当我绕过'.unless'中的路线时,它工作正常。

我的代码是-(angular6):

app.component.ts 

 return new Promise((resolve, reject) => {
      var headers= new HttpHeaders({'authorization': 'Bearer ' + token});

      this.http.get(this.nodejsUrl + "getMongoDData/getSystem" +emptyObj, { headers:headers })
        .pipe(map(Response => Response))
        .subscribe((res: Response) => {

//code
})
});

server.js 

var express = require('express');
var cors = require('cors');
var bodyParser = require('body-parser');
var restify = require('restify');
var expressJwt = require('express-jwt');
var session = require('express-session');
var config = require('./config.json')
var app = express();
var router = express.Router();
var port = 3003;
app.use(restify.plugins.bodyParser());

app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());
app.use(bodyParser.json({ type: 'application/vnd.api+json' }))

app.use(cors({
    'Access-Control-Allow-Headers' : 'Content-Type, Authorization'
}));
app.use(session({ secret: config.secret, resave: false, saveUninitialized: true }));


app.use(function (req, res, next) {
    res.header("Access-Control-Allow-Origin", "*");
    res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    next();
});

//Express JWT token
app.use(cors({
    'allowedHeaders': ['sessionId', 'Content-Type'],
    'exposedHeaders': ['sessionId'],
    'origin': '*',
    'methods': 'GET,HEAD,PUT,PATCH,POST,DELETE',
    'preflightContinue': false
  }));


app.use(expressJwt({
    secret: config.secret,
    getToken: function (req) {
        console.log("####### req.headers ", req.headers)
        if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
            return req.headers.authorization.split(' ')[1];
        } else if (req.query && req.query.token) {
            return req.query.token;
        }
        return null;
    }
})
    .unless({
        path: ['/forgotP/forgotPassword', '/login/authenticate',
            '/registerObjectData', '/resetP/resetPassword', '/viewUser/checkUser/'
            , '/viewUser/checkEmail/', '/changeP/changePassword',
            '/dashboard/experianEntireSuccess1/'
        ]
    })
);

0 个答案:

没有答案
相关问题
最新问题