大家好,我想解决一些问题。
我需要用我的凭据获取一些数据。
如果我在POSTMAN上这样做,使用Auth Basic Authorization,获取数据,但是当我在浏览器上运行的代码上尝试它时,我得到控制台">TypeError:未能获取";在网络上,我得到这个状态">CORS错误"。
这是代码:
fetch(
'https://content-us-8.content-cms.com/api/f8d92c5b-2ec6-46ee-8e22-cd2d9a556473/authoring/v1/content/views/by-type?id=5030aaad-9bf6-45db-9a3e-5cc7cd190103',
{
headers: {
Authorization: 'Basic ' + base64.encode(userName + ':' + password)
},
withCredentials: true
}
)
.then((el) => el.json())
.then((el) => console.log(el))
.catch((err) => console.log(err))
.finally((el) => {
console.log('FINALLY');
console.log(el);
});
如果我做调用没有头我得到这个错误:
{
"requestId": "807bd27d2b28962b9d2834458e926499",
"service": "prod-infra-api-dispatcher",
"version": "0.0.1883",
"description": "Acoustic Content, API Dispatcher Component",
"errors": [
{
"name": "AccessControlError",
"message": "The user 'undefined' tried to perform GET /content/views/by-type with tenant 'f8d92c5b-2ec6-46ee-8e22-cd2d9a556473'. Access to the service was denied because the user roles 'anonymous' do not match the accepted roles 'admin,manager,editor,viewer'. Verify that the user has the correct role assigned.",
"locale": "en",
"parameters": {
"statusCode": 403,
"method": "GET",
"path": "/content/views/by-type",
"roles": [
"anonymous"
],
"requiredRoles": [
"admin",
"manager",
"editor",
"viewer"
],
"timestamp": 1650811022658
},
"timestamp": "Sun, 24 Apr 2022 14:37:02 GMT"
}
],
"timestamp": "Sun, 24 Apr 2022 14:37:02 GMT",
"message": "The user 'undefined' tried to perform GET /content/views/by-type with tenant 'f8d92c5b-2ec6-46ee-8e22-cd2d9a556473'. Access to the service was denied because the user roles 'anonymous' do not match the accepted roles 'admin,manager,editor,viewer'. Verify that the user has the correct role assigned."
}
我知道这个错误发生,因为我没有设置凭据…但是我试了很多方法都没有成功。
只有在前一个预飞行请求成功时,浏览器才会发出带有Authorization标头的跨域GET请求。但是你可以试试curl:
>curl -I -X OPTIONS -H "Access-Control-Request-Headers:Authorization"
-H "Origin:http://localhost"
https://content-us-8.content-cms.com/api/...
HTTP/1.1 204 No Content
Access-Control-Allow-Origin: http://localhost
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,OPTIONS
Access-Control-Allow-Headers: accept,accept-language,content-language,pragma,cache-control,x-xsrf-token,x-acoustic-region,x-acoustic-auth-source,x-ibm-dx-tenant-id,x-cms-user-auth,x-ibm-dx-user-auth
Access-Control-Expose-Headers: cache-control,content-language,content-type,expires,last-modified,pragma,x-ibm-dx-request-id,x-response-time
Authorization报头不在允许的报头列表中。换句话说:该服务不允许跨域请求中的基本身份验证。
如果您不能影响content-cms.com上的后端,使Authorization成为允许的报头,那么唯一的选择是通过您自己的后端服务器对请求进行隧道处理。或者你正在编程"服务器少"?