我目前正在为一个uni项目开发PHP REST API,该项目使用通过PhoneGap从移动Web应用程序传递的JSON Web令牌,或者在开发过程中使用我的桌面.
使用ajax将令牌发送到我的服务器页面“ friends / read.PHP”时,服务器使用以下命令正确获取了Authorization标头
$headers = getallheaders();
$authHeader = $headers['Authorization'];
但在多次成功运行后停止这样做.此后,将不再提取标头.
我的请求代码如下:
$.ajax({
url: "http://localhost/chordstruck/api/friends/read.PHP",type: "GET",beforeSend: function (request) {
request.setRequestHeader('Authorization','Bearer ' + localStorage.getItem('jwt'));
},datatype: "json",success: function (response) {
console.log(response);
},error: function (jqXHR,textStatus,errorThrown) {
console.log(jqXHR);
}
});
奇怪的是,当使用die(“ test”)过早地杀死PHP脚本,然后再次删除die()时,服务器将开始为多个其他请求选择Authorization标头.
Read.PHP:
error_reporting(E_ALL);
ini_set('display_errors','on');
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET');
header('Access-Control-Allow-Headers: Origin,Content-Type,Authorization,X-Auth-Token');
$config = require_once '../config/core.PHP';
require_once '../config/jwt_helper.PHP';
// get database connection
include_once '../config/database.PHP';
// instantiate profile object
include_once '../objects/profile.PHP';
$headers = getallheaders();
$authHeader = $headers['Authorization'];
$token;
if ($authHeader) {
list($jwt) = sscanf((string)$authHeader,'Bearer %s');
if ($jwt) {
try {
$key = $config['jwt_key'];
$token = JWT::decode($jwt,$key,array('HS512'));
} catch (Exception $e) {
header('HTTP/1.0 401 Unauthorized');
exit();
}
} else {
header('HTTP/1.0 400 Bad Request');
exit();
}
} else {
header('HTTP/1.0 400 No Header Found');
exit();
}
echo "success";
?>
我在开发此项目时遇到了CORS问题,我在.htaccess文件中与上面的标头以及下面的标头对立了:
Header set Access-Control-Allow-Origin "*"
这可能相关吗?任何帮助/想法将不胜感激!