这里将验证之后得到的cookie加入到http头Authorization中,主要是self.get_secure_cookie这个函数默认有个value值为None,此时会从cookie中获取值,这里可以将传递过来的Authorization值覆盖value,不从cookie取值.遇到的场景是后端是基于tornado的api,前端是anjularjs不支持设置Cookie请求字段
class BaseHandler(tornado.web.RequestHandler):
def set_default_headers(self):
self.set_header("Access-Control-Allow-Origin", "*")
self.set_header("Access-Control-Allow-Headers", "x-requested-with,authorization")
self.set_header('Access-Control-Allow-Methods', 'POST,GET,PUT,DELETE,OPTIONS')
def get_current_user(self):
if self.request.headers.get("Authorization") is None:
user=self.get_secure_cookie("token")
else:
token=self.request.headers.get("Authorization").split('token=')[1]
user=self.get_secure_cookie("token",value=token)
print(user)
return user
def options(self):
# no body
self.set_status(204)
self.finish()