大家好,我正在尝试解决一些问题。
我需要使用我的凭据获取一些数据。
如果我在 POSTMAN 上使用Auth Basic Authorization执行此操作,我会获取数据,但是当我在浏览器上运行的代码上尝试它时,我会在控制台上显示“ TypeError: Failed to fetch ”并且在网络上我得到了这个状态“ CORS 错误”。
这是代码:
fetch(
'https://content-us-8.content-cms.com/api/f8d92c5b-2ec6-46ee-8e22-cd2d9a556473/authoring/v1/content/views/by-type?id=5030aaad-9bf6-45db-9a3e-5cc7cd190103',
{
headers: {
Authorization: 'Basic ' + base64.encode(userName + ':' + password)
},
withCredentials: true
}
)
.then((el) => el.json())
.then((el) => console.log(el))
.catch((err) => console.log(err))
.finally((el) => {
console.log('FINALLY');
console.log(el);
});
如果我在没有标题的情况下拨打电话,我会收到此错误:
{
"requestId": "807bd27d2b28962b9d2834458e926499",
"service": "prod-infra-api-dispatcher",
"version": "0.0.1883",
"description": "Acoustic Content, API Dispatcher Component",
"errors": [
{
"name": "AccessControlError",
"message": "The user 'undefined' tried to perform GET /content/views/by-type with tenant 'f8d92c5b-2ec6-46ee-8e22-cd2d9a556473'. Access to the service was denied because the user roles 'anonymous' do not match the accepted roles 'admin,manager,editor,viewer'. Verify that the user has the correct role assigned.",
"locale": "en",
"parameters": {
"statusCode": 403,
"method": "GET",
"path": "/content/views/by-type",
"roles": [
"anonymous"
],
"requiredRoles": [
"admin",
"manager",
"editor",
"viewer"
],
"timestamp": 1650811022658
},
"timestamp": "Sun, 24 Apr 2022 14:37:02 GMT"
}
],
"timestamp": "Sun, 24 Apr 2022 14:37:02 GMT",
"message": "The user 'undefined' tried to perform GET /content/views/by-type with tenant 'f8d92c5b-2ec6-46ee-8e22-cd2d9a556473'. Access to the service was denied because the user roles 'anonymous' do not match the accepted roles 'admin,manager,editor,viewer'. Verify that the user has the correct role assigned."
}
我知道发生此错误是因为我没有设置凭据......但我尝试了多种方法来实现这一目标但没有成功。
Authorization
仅当前面的预检请求成功时,浏览器才会发出带有标头的跨域 GET 请求。但是你可以试试curl
:
>curl -I -X OPTIONS -H "Access-Control-Request-Headers:Authorization"
-H "Origin:http://localhost"
https://content-us-8.content-cms.com/api/...
HTTP/1.1 204 No Content
Access-Control-Allow-Origin: http://localhost
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,OPTIONS
Access-Control-Allow-Headers: accept,accept-language,content-language,pragma,cache-control,x-xsrf-token,x-acoustic-region,x-acoustic-auth-source,x-ibm-dx-tenant-id,x-cms-user-auth,x-ibm-dx-user-auth
Access-Control-Expose-Headers: cache-control,content-language,content-type,expires,last-modified,pragma,x-ibm-dx-request-id,x-response-time
标Authorization
头不在允许的标头列表中。换句话说:该服务不允许跨域请求中的基本身份验证。
如果您无法影响后端content-cms.com
以使其Authorization
成为允许的标头,则唯一的选择是通过您自己的后端服务器隧道请求。还是您正在编程“无服务器”?
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句