http请求的头信息字段没法添加?

ybtianyu 发布于 2019/06/07 22:56
阅读 1K+
收藏 0

解读下一代网络:算力网络正从理想照进现实!>>>

我在使用的是ionic CLI 4.8.0. 我想在发送http请求时带上cookie信息,用于登录状态保持。
我的做法是在http post请求的headers里面添加“Cookie”属性,值为字符串sessionid=xxxxxxxxxxxxxx.
ts文件的代码如下: (我使用的是Angular的HttpClient)
import {HttpClient, HttpParams} from '@angular/common/http';
import { HttpHeaders } from '@angular/common/http';
构造函数里面初始化对象public http: HttpClient
事务代码:
//设置header
const headers = new HttpHeaders().set("Access-Control-Request-Method", "POST")
.set("Access-Control-Request-Headers", "accept, content-type")
.set("Cookie", "sessionid=tlikemu4syawevedarpir2my3pii23we"); //在header信息里添加Cookie属性
let options = { // HttpClient的post方法的第三个参数是options
withCredentials:true,
headers:headers
}
this.http.post('http://my/url/', {}, options).subscribe( // 发送post请求,body没有字段
data => this.ProcessLoginResponse(JSON.stringify(data)) ,
err => this.ProcessLoginError(JSON.stringify(err))
)
但是服务器处理到该请求时,请求的headers里面没有这个Cookie,我使用wireshark抓包,发现请求包的headers里面确实没有Cookie字段。
Hypertext Transfer Protocol
POST /user/login/ HTTP/1.1\r\n
Host: 192.168.1.108:8000\r\n
Connection: keep-alive\r\n
Content-Length: 2\r\n
Accept: application/json, text/plain, */*\r\n
Origin: file://\r\n
x-wap-profile: http://wap1.huawei.com/uaprof/HUAWEI_SOPHIA_L07_UAProfile.xml\r\n
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; HUAWEI P7-L07 Build/HuaweiP7-L07) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36\r\n
Content-Type: application/json\r\n
Accept-Encoding: gzip,deflate\r\n
Accept-Language: zh-CN,en-US;q=0.8\r\n
X-Requested-With: com.ionicframework.vp2342525\r\n
\r\n
[Full request URI: http://192.168.1.108:8000/user/login/]
[HTTP request 1/1]
[Response in frame: 233]
File Data: 2 bytes
我试了下将headers.set替换为headers.append,请求头部也没有看到添加的字段。
请问该怎么才能正确添加信息到http请求的header里面

加载中
0
kakai
kakai

被服务器过滤拦截了,以java举例,添加一个过滤器(其中包括允许跨域访问的设置),设置如下:

response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS,DELETE,PUT,HEAD");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Headers", "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With");
        response.setHeader("Access-Control-Expose-Headers", "Authorization");

 

重点是“Authorization”这个自定义属性,你的Cookie和这个类似

0
ybtianyu
ybtianyu

const headers = new HttpHeaders().set("Access-Control-Request-Method", "POST")
.set("Access-Control-Request-Headers", "accept, content-type,cookie")
.set("Cookie", "sessionid=tlikemu4syawevedarpir2my3pii23we");

服务器代码的response里面有你说的允许跨域访问的设置

if req.user.is_authenticated():

    resp['status_code'] = 0

    resp['username'] = str(req.user)

    response = HttpResponse(json.dumps(resp), content_type="application/json")

    response["Access-Control-Allow-Origin"] = "*"

    response["Access-Control-Expose-Headers"] = "*"

    response["Access-Control-Allow-Methods"] = "POST, GET, OPTIONS"

    response["Access-Control-Max-Age"] = "1000"

    response["Access-Control-Allow-Headers"] = "Content-Type, Access-Control-Allow-Headers, Authorization, Cookie, X-Requested-With"

    response["Access-Control-Allow-Credentials"] = True

    return response

else:

    resp['status_code'] = -1

    resp['msg'] = "AnonymousUser"

    response = HttpResponse(json.dumps(resp), content_type="application/json")

    response["Access-Control-Allow-Origin"] = "*"

    response["Access-Control-Expose-Headers"] = "*"

    response["Access-Control-Allow-Methods"] = "POST, GET, OPTIONS"

    response["Access-Control-Max-Age"] = "1000"

    response["Access-Control-Allow-Headers"] = "Content-Type, Access-Control-Allow-Headers, Authorization, Cookie, X-Requested-With"

    response["Access-Control-Allow-Credentials"] = True

    return response

header里面有Cookie属性,就能登录成功。这个代码逻是无论如何都允许跨域访问,那么就应该没有过滤header里的Cookie。但实际发送的请求里面还是没有Cookie属性。

还有个不清楚的是,ionic HttpClient的post方法,如果有options参数,就相当于跨域访问吗?然后在跨域访问时被服务器过滤了?

0
ybtianyu
ybtianyu

当我用浏览器登录后,再做post,浏览器会自动添加上Cookie,自动登录成功。

但我把浏览器的cookie数据清除后,再post,自动登录就会失败,因为post方法的headers里的Cookie没有发送出去。

0
ybtianyu
ybtianyu

有人能解答怎样才能发送header吗?

0
ybtianyu
ybtianyu

后来,我没有单独在header里添加cookie, 而是使用了let options = {

  "withCredentials":true

}

这样,浏览器实际工作时会自动添加cookie的。

返回顶部
顶部