401 Unatuhorized(“detail”:“Authentication credenti

2019-09-01 03:08发布

站内问答 / Django
514 1 4

i am using djoser's authentication at backend. when i make a get request at "/account/me/" through post man with content-type and Authorization header i am getting a correct response. But when i try to do same request from my angular client i get 401 Unatuhorized("detail":"Authentication credentials were not provided.") error. here is my angular service 

import { Injectable } from '@angular/core';
import {homeUrls} from "../../../utils/urls";
import {Http, RequestOptions, Headers Response} from '@angular/http';
import {HttpHeaders,} from "@angular/common/http";
@Injectable()
export class AdsService {
  private headers = new Headers();
  private token: string;
  constructor(private http: Http) {
    this.token = localStorage.getItem('token');
    console.log("token is " , this.token);
    //this.headers = new Headers({'Content-Type': 'application/json' , 'Authorization': 'Token ' + this.token });
     this.headers.append('Authorization', 'Token ' + this.token);
     this.headers.append('Content-Type', 'application/json');
    console.log(this.headers);
    this.getMe();
  }

  getMe(): Promise<any> {
    let options = new RequestOptions({ headers: this.headers });
      return this.http.get(homeUrls.User, options)
        .toPromise()
        .then(res=> {
          console.log("user is");
          console.log(res.json());
        });
  }

and here is the screenshot of headers window of my network tab. enter image description here

any solutions?

1条回答
Animai°情兽
2楼-- · 2019-09-01 03:35

When doing a preflight requests, custom headers such as Authorization will not be included.

So, if your server expects only authenticated users to perform an OPTIONS requests, then you'll end up always getting 401 errors (since the headers will never be passed)

Now, I don't know django at all, but from this thread here it looks like a known issue

https://github.com/encode/django-rest-framework/issues/5616

Maybe try the suggested workaround, which is using a custom permission checker instead of using django rest framework's default

Workaround (from above thread)

# myapp/permissions.py
from rest_framework.permissions import IsAuthenticated

class AllowOptionsAuthentication(IsAuthenticated):
    def has_permission(self, request, view):
        if request.method == 'OPTIONS':
            return True
        return request.user and request.user.is_authenticated

And in settings.py:

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework.authentication.TokenAuthentication',),
    'DEFAULT_PERMISSION_CLASSES': (
        'myapp.permissions.AllowOptionsAuthentication',
    )
}
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)