无法获取 - cors错误 - 使用授权标头获取时 - 在邮递员工作确定

发布于 2025-01-24 02:23:33 字数 2439 浏览 4 评论 0原文

大家好，我正在尝试解决问题。

我需要用我的凭据获取一些数据。

如果我在Postman上这样做，则使用 auth Basic授权，我获取数据，但是当我在浏览器上运行的代码尝试时，我就可以使用控制台“ typeError：无法获取”，在网络上我获得了此状态” cors错误”。

这是代码：

fetch(
      'https://content-us-8.content-cms.com/api/f8d92c5b-2ec6-46ee-8e22-cd2d9a556473/authoring/v1/content/views/by-type?id=5030aaad-9bf6-45db-9a3e-5cc7cd190103',
      {
        headers: {
          Authorization: 'Basic ' + base64.encode(userName + ':' + password)
        },
        withCredentials: true
      }
    )
      .then((el) => el.json())
      .then((el) => console.log(el))
      .catch((err) => console.log(err))
      .finally((el) => {
        console.log('FINALLY');
        console.log(el);
      });

如果我在没有标题的情况下进行呼叫我会遇到此错误：

{
    "requestId": "807bd27d2b28962b9d2834458e926499",
    "service": "prod-infra-api-dispatcher",
    "version": "0.0.1883",
    "description": "Acoustic Content, API Dispatcher Component",
    "errors": [
        {
            "name": "AccessControlError",
            "message": "The user 'undefined' tried to perform GET /content/views/by-type with tenant 'f8d92c5b-2ec6-46ee-8e22-cd2d9a556473'. Access to the service was denied because the user roles 'anonymous' do not match the accepted roles 'admin,manager,editor,viewer'. Verify that the user has the correct role assigned.",
            "locale": "en",
            "parameters": {
                "statusCode": 403,
                "method": "GET",
                "path": "/content/views/by-type",
                "roles": [
                    "anonymous"
                ],
                "requiredRoles": [
                    "admin",
                    "manager",
                    "editor",
                    "viewer"
                ],
                "timestamp": 1650811022658
            },
            "timestamp": "Sun, 24 Apr 2022 14:37:02 GMT"
        }
    ],
    "timestamp": "Sun, 24 Apr 2022 14:37:02 GMT",
    "message": "The user 'undefined' tried to perform GET /content/views/by-type with tenant 'f8d92c5b-2ec6-46ee-8e22-cd2d9a556473'. Access to the service was denied because the user roles 'anonymous' do not match the accepted roles 'admin,manager,editor,viewer'. Verify that the user has the correct role assigned."
}

我明白此错误是因为我没有设置凭据...但是我已经尝试了多种方法来实现此目的成功。

原文

Hi everybody i'm trying to solve some issue.

I need to get some data, with my credentials.

If i do it on POSTMAN , with Auth Basic Authorization, i get the data, but when i try it on my code, which runs on the browser, i get on the console "TypeError: Failed to fetch" and on network i get this status "CORS error".

This is the code:

fetch(
      'https://content-us-8.content-cms.com/api/f8d92c5b-2ec6-46ee-8e22-cd2d9a556473/authoring/v1/content/views/by-type?id=5030aaad-9bf6-45db-9a3e-5cc7cd190103',
      {
        headers: {
          Authorization: 'Basic ' + base64.encode(userName + ':' + password)
        },
        withCredentials: true
      }
    )
      .then((el) => el.json())
      .then((el) => console.log(el))
      .catch((err) => console.log(err))
      .finally((el) => {
        console.log('FINALLY');
        console.log(el);
      });

If i do the call without headers i get this error:

{
    "requestId": "807bd27d2b28962b9d2834458e926499",
    "service": "prod-infra-api-dispatcher",
    "version": "0.0.1883",
    "description": "Acoustic Content, API Dispatcher Component",
    "errors": [
        {
            "name": "AccessControlError",
            "message": "The user 'undefined' tried to perform GET /content/views/by-type with tenant 'f8d92c5b-2ec6-46ee-8e22-cd2d9a556473'. Access to the service was denied because the user roles 'anonymous' do not match the accepted roles 'admin,manager,editor,viewer'. Verify that the user has the correct role assigned.",
            "locale": "en",
            "parameters": {
                "statusCode": 403,
                "method": "GET",
                "path": "/content/views/by-type",
                "roles": [
                    "anonymous"
                ],
                "requiredRoles": [
                    "admin",
                    "manager",
                    "editor",
                    "viewer"
                ],
                "timestamp": 1650811022658
            },
            "timestamp": "Sun, 24 Apr 2022 14:37:02 GMT"
        }
    ],
    "timestamp": "Sun, 24 Apr 2022 14:37:02 GMT",
    "message": "The user 'undefined' tried to perform GET /content/views/by-type with tenant 'f8d92c5b-2ec6-46ee-8e22-cd2d9a556473'. Access to the service was denied because the user roles 'anonymous' do not match the accepted roles 'admin,manager,editor,viewer'. Verify that the user has the correct role assigned."
}

I understand this error occurs because i'm not setting credentials... but i've tried multiple ways to achieve this without success.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

你的心境我的脸 2025-01-31 02:23:33

浏览器只有在前面的前请求成功时，才能使用授权标题进行交叉原始请求标题。但是，您可以尝试使用curl：

>curl -I -X OPTIONS -H "Access-Control-Request-Headers:Authorization"
 -H "Origin:http://localhost"
 https://content-us-8.content-cms.com/api/...

HTTP/1.1 204 No Content
Access-Control-Allow-Origin: http://localhost
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,OPTIONS
Access-Control-Allow-Headers: accept,accept-language,content-language,pragma,cache-control,x-xsrf-token,x-acoustic-region,x-acoustic-auth-source,x-ibm-dx-tenant-id,x-cms-user-auth,x-ibm-dx-user-auth
Access-Control-Expose-Headers: cache-control,content-language,content-type,expires,last-modified,pragma,x-ibm-dx-request-id,x-response-time

授权标题不在允许的标题列表中。换句话说：该服务不允许在交叉原始请求中进行基本身份验证。

如果您不能在content-cms.com上影响后端，以便授权成为允许的标头，则唯一的选择是通过您自己的后端服务器隧道隧道。还是您正在编程“无服务器”？

The browser makes a cross-origin GET request with Authorization header only if the preceding preflight request succeeds. But as you can try out with curl:

>curl -I -X OPTIONS -H "Access-Control-Request-Headers:Authorization"
 -H "Origin:http://localhost"
 https://content-us-8.content-cms.com/api/...

HTTP/1.1 204 No Content
Access-Control-Allow-Origin: http://localhost
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,OPTIONS
Access-Control-Allow-Headers: accept,accept-language,content-language,pragma,cache-control,x-xsrf-token,x-acoustic-region,x-acoustic-auth-source,x-ibm-dx-tenant-id,x-cms-user-auth,x-ibm-dx-user-auth
Access-Control-Expose-Headers: cache-control,content-language,content-type,expires,last-modified,pragma,x-ibm-dx-request-id,x-response-time

the Authorization header is not in the list of allowed headers. In other words: The service does not allow basic authentication in cross-origin requests.

If you cannot influence the backend on content-cms.com so that Authorization becomes an allowed header, the only option is to tunnel the request through your own backend server. Or are you programming "server-less"?

回复收藏 0 原文

~没有更多了~