我仍然找到一个解决方案,并搜索有关CORS问题。为了解决这些,我已经安装我的配置是这样的:在服务器Cors请求与symfony /角
项目:Debian的8/nginx的/ PHP-FPM
我的Nginx虚拟主机:
server {
server_name sub.domain.com;
root /home/projects/sub.domain.com/web;
location/{
try_files $uri /app.php$is_args$args;
}
# DEV
location ~ ^/(app_dev|config)\.php(/|$) {
fastcgi_pass unix:/var/run/php5-fpm-user.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
}
# PROD
location ~ ^/app\.php(/|$) {
fastcgi_pass unix:/var/run/php5-fpm-user.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
internal;
}
}
服务器端:Symfony的3.0 FosUserBundle/FOSRestBundle/NelmioApiDocBundle/NelmioCorsBundle/LexikJWTAuthenticationBundle/JMSSerializer
我config.yml:
# FosUserBundle Configuration
fos_user:
db_driver: orm
firewall_name: main
user_class: UserBundle\Entity\User
group:
group_class: UserBundle\Entity\Group
form:
type: UserBundle\Form\Type\GroupFormType
profile:
form:
type: UserBundle\Form\Type\ProfileFormType
# FOSRestBundle Configuration
fos_rest:
param_fetcher_listener: true
body_listener: true
format_listener: true
view:
view_response_listener: 'force'
formats:
xml: true
json : true
templating_formats:
html: true
force_redirects:
html: true
failed_validation: HTTP_BAD_REQUEST
default_engine: twig
routing_loader:
default_format: json
# LexikJWTAuthenticationBundle Configuration
lexik_jwt_authentication:
private_key_path: %jwt_private_key_path%
public_key_path: %jwt_public_key_path%
pass_phrase: %jwt_key_pass_phrase%
token_ttl: %jwt_token_ttl%
# JMSSerializer Configuration
jms_serializer:
metadata:
auto_detection: true
# NelmioCorsBundle Configuration
nelmio_cors:
defaults:
allow_credentials: true
allow_origin: []
allow_headers: []
allow_methods: []
expose_headers: []
max_age: 0
hosts: []
origin_regex: false
paths:
'^/api/':
allow_origin: ['*']
allow_headers: ['Origin', 'Content-Type', 'X-Requested-With', 'Accept']
allow_methods: ['POST', 'PUT', 'GET', 'DELETE', 'OPTIONS']
max_age: 3600
我security.yml:
api_doc:
pattern: ^/api/doc
anonymous: true
api_login:
pattern: ^/api/login
provider: fos_userbundle
stateless: true
anonymous: true
form_login:
check_path: /api/login_check
require_previous_session: false
username_parameter: username
password_parameter: password
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
api:
pattern: ^/api
stateless: true
provider: fos_userbundle
lexik_jwt:
authorization_header:
enabled: true
prefix: Bearer
query_parameter:
enabled: true
name: Bearer
throw_exceptions: true
create_entry_point: true
## Main firewall
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_token_generator: security.csrf.token_manager
login_path: fos_user_security_login
check_path: fos_user_security_check
remember_me: true
default_target_path: lgb_onepage_home
logout:
path: fos_user_security_logout
target: lgb_onepage_home
anonymous: true
remember_me:
secret: %secret%
lifetime: 604800 # 1 week in seconds
path: /
domain: ~ # Defaults to the current domain from $_SERVER
# secure: true
httponly: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: ROLE_ADMIN }
- { path: ^/resetting, role: ROLE_ADMIN }
- { path: ^/intranet/, role: ROLE_USER }
- { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: [IS_AUTHENTICATED_FULLY, ROLE_ADMIN] }
而且为我的客户,我使用离子与基地项目的角度JS(带骨架的标签为具有有效的登录表单):
我的配置:
.config(function ($stateProvider, $urlRouterProvider, localStorageServiceProvider, $httpProvider) {
$stateProvider...;
// if none of the above states are matched, use this as the fallback
$urlRouterProvider.otherwise('/app/playlists');
localStorageServiceProvider
.setPrefix('lgb-preorder');
$httpProvider.defaults.headers.common = {};
$httpProvider.defaults.headers.post = {};
$httpProvider.defaults.headers.put = {};
$httpProvider.defaults.headers.patch = {};
});
和我的功能(不工作):
$scope.doLogin = function() {
var loginData = {
username: this.login.username,
password: this.login.password
};
$http({
url: 'http://sub.domain.com/app_dev.php/api/login_check',
method: 'POST',
data: loginData,
headers: {'Content-Type': 'application/json'}
})
.success(function (data) {
console.log("Success -- login ok with ", data);
})
.error(function (error) {
console.log("ERROR -- login fail with ", error);
});
};
错误时,发送的是:
XMLHttpRequest cannot load http://sub.domain.com/app_dev.php/api/login_check. Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values '*, http://localhost:8100', but only one is allowed. Origin 'http://localhost:8100' is therefore not allowed access.
似乎因为我的http请求有访问权限的控制允许页眉和访问控制允许来源的2个定义:
Request URL:http://sub.domain.com/app_dev.php/api/login_check
Request Method:OPTIONS
Status Code:200 OK
Remote Address:x.x.x.x:80
Response Headers
view source
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Headers:origin, content-type, x-requested-with, accept
Access-Control-Allow-Methods:POST, PUT, GET, DELETE, OPTIONS
Access-Control-Allow-Origin:http://localhost:8100
Access-Control-Allow-Origin:*
Access-Control-Max-Age:3600
但为什么? ?____ ???
如果任何人有一个想法,它真的很感激=)thanx您的帮助
这个请求卷曲工作:
curl -X POST http://sub.domain.com/app_dev.php/api/login_check -d '{"username": "user", "password": "pass"}' -H "Content-Type: application/json"
什么是您使用的网络服务器?你确定Web服务器没有添加额外的Access-Control-Allow-Origin? .. – Vamsi
我已经使用了Nginx,我在此配置中添加了我的虚拟主机。我不知道如果nginx可以在这个请求中添加标题。 – Quovandius