Angular 2 - Response for preflight has invalid HTT

2019-04-29 11:36发布

站内问答 / Angular
884 3 4



I know there a already lot of same solved issues here,
but unfortunately none of them helped me :-(.

Here my problem:
I try to connect from my localhost to my REST service on a server. It works fine with a FF REST plugin, but my application results in following errors:

How I try to get the data I want:

@Injectable()
export class ModelsComponent implements OnInit {

    private restRoot = 'http://.../my_REST_Service';
    private data;

    constructor(private http: Http) { }

    ngOnInit() {
        this.getModels().subscribe(res => {
            this.data = res; 
            console.log(this.data);
        });
    }

    authHeaders() {
        let username: string = 'xxxx';
        let password: string = 'xxxx';

        let token: string = btoa(username + ":" + password);

        let headers: Headers = new Headers();
        headers.append('Access-Control-Expose-Headers', 'Authorization');
        headers.append('Authorization', 'Basic ' + token);
        headers.append("Access-Control-Allow-Origin", "http://localhost:4200/");
        headers.append("Access-Control-Allow-Methods", "*");
        headers.append("Access-Control-Allow-Headers", "Accept,Accept-Charset,Accept-Encoding,Accept-Language,Authorization,Connection,Content-Type,Cookie,DNT,Host,Keep-Alive,Origin,Referer,User-Agent,X-CSRF-Token,X-Requested-With");
        headers.append("Access-Control-Allow-Credentials", "true");

        return headers;
    }

    getModels(): Observable<any> {
        return this.http.get(this.restRoot, {
                    headers: this.authHeaders(), 
                    withCredentials: true        <- from a similar issue
               }).map(res => res.json());
    }
}

My Server is configured like this:

Header set Access-Control-Allow-Origin "http://localhost:4200"
Header set Access-Control-Allow-Headers "Accept,Accept-Charset,Accept-Encoding,Accept-Language,Authorization,Connection,Content-Type,Cookie,DNT,Host,Keep-Alive,Origin,Referer,User-Agent,X-CSRF-Token,X-Requested-With"
Header set Access-Control-Allow-Methods "*"
Header set Access-Control-Allow-Credentials "true"   
Header set Access-Control-Expose-Headers "Authorization"       <- from a similar issue

I know there are other same/ similar solved issues. But I still do not know what to do or how to do it. I really appreciate it if someone can help me with my code!!

3条回答
对你真心纯属浪费
2楼-- · 2019-04-29 12:12

"My Server is configured like this" — That's mostly irrelevent. Look at the error message: "Response for preflight has invalid HTTP status code 401"

It says nothing about any of the things you mentioned with Access-Control-Allow-Thing.

  • The browser is making an OPTIONS request to ask if a cross origin request is allowed.
  • The response says "Your username and password is wrong".

Since the browser hasn't received permission to make the cross origin request: It hasn't sent a username and password.

You need to find the code on your server that performs the authorisation and exclude OPTIONS requests from that test. Anybody should be able to make the OPTIONS request, not just people who have the username and password.

查看更多
0人赞 添加讨论(0) 举报
Fickle 薄情
3楼-- · 2019-04-29 12:16

The browser does an OPTIONS request before doing your HttpGet, you need to add an endpoint with the same route as the HttpGet, make that an HttpOptions request, remove auth from that endpoint and return a 200 OK from it and that should fix your issue.

查看更多
0人赞 添加讨论(0) 举报
霸刀☆藐视天下
4楼-- · 2019-04-29 12:30

On the server side, if using Node.js you can consider authorizing all OPTIONS requests so browsers won't need authentication to check what methods are authorized on the server/REST API.

Consider code like: 

if (req.method === 'OPTIONS') {
    res.status(200).end();
} else {
    next();
}
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)