我正在尝试使用Spring security后端从Angular 7进行登录:
login(username: string, password: string) {
const formData = new FormData();
formData.append('username', username);
formData.append('password', password);
return this.http.post<UserInfo>(`${API_URL}/login`, formData, {observe: 'response'})
.pipe(map(response => {
const jwtToken = response.headers.get(AUTHORIZATION).replace('Bearer', '').trim();
const userInfo = response.body;
if (jwtToken && userInfo) {
const user = new User(username, password, jwtToken, userInfo);
localStorage.setItem(CURRENT_USER, JSON.stringify(user));
this.currentUserSubject.next(user);
}
return response;
}));
}
但是,response.headers只是空的,不包含任何标题。Postman和Chrome开发工具显示了许多标题,甚至是我需要的标题——授权。我已经回顾了很多这样的问题和github问题,但它们都说了同样的话,这对我来说并不适用——在CORS Access Control Expose Headers中简单地列出header,但我已经做了,没有做任何更改。下面是一个相关的Spring配置:
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.addAllowedOrigin("http://localhost:4200");
configuration.addExposedHeader("Authorization");
configuration.addAllowedMethod("*");
configuration.addAllowedHeader("*");
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
在这一点上,我被卡住了,不知道如何从角度访问这些标题:
