问题
I'm having a really hard time figuring this out. I am using JWTAuth on my Laravel 5 API and I'm having a problem with the token being read. This is what I know and tried:
I have set my CORS configuration to allow all headers for my API path:
return array(
'defaults' => array(
'supportsCredentials' => false,
'allowedOrigins' => array(),
'allowedHeaders' => array(),
'allowedMethods' => array(),
'exposedHeaders' => array(),
'maxAge' => 0,
'hosts' => array(),
),
'paths' => array(
'api/*' => array(
'allowedOrigins' => array('*'),
'allowedHeaders' => array('*'),
'allowedMethods' => array('*'),
'maxAge' => 3600,
),
'*' => array(
'allowedOrigins' => array('*'),
'allowedHeaders' => array('Content-Type'),
'allowedMethods' => array('POST', 'PUT', 'GET', 'DELETE'),
'maxAge' => 3600,
'hosts' => array('api.*'),
),
),
);
I have added the following to apache's sites enabled conf file:
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
And I can see in Chrome tools that headers are being passed back with the correct token and in the correct format: Authorization : Bearer tokenstring
Can anyone see what I may be doing wrong? Does anyone know of issues with this?
回答1:
I see where my issue is. According to the documentation on the JWTAuth Github page:
Note to Apache users
Apache seems to discard the Authorization header if it is not a base64 encoded user/pass combo. So to fix this you can add the following to your apache config
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
I thought apache config meant the 000-default.conf file. I was in error. In fact this was suppose to be done in the .htaccess file. Once done... POOF, everything works!
来源:https://stackoverflow.com/questions/31171727/reading-authorization-header-for-jwt-token-using-laravel-5-cors-and-jwtauth