javascript - JWT token 未在 $resource 中的 header 上设置

Question

我正在使用 JWT 进行用户授权。我正在使用 Node API 在 mongodb 中插入数据。现在我想将登录用户的 id 与数据一起插入到 mongodb 中。

Angular

//factory for blog insert
app.factory('blogFactory', function($resource, $rootScope){
  return $resource('/api/addblog/:id', {id:'@_id'},{get:{headers:{'authorization':$rootScope.token}}});
});

//controller for add blog

    app.controller('blogpostCtrl', function($rootScope, $scope, blogFactory, $location){

      $scope.addBlog=function(){
          $scope.blogg=new blogFactory($scope.blog); 
          $scope.blogg.$save(function(){ 
            $scope.blog=" ";
              $scope.alert="Blog Successfully Inserted..!!!";
                });
      };
    });

Node API

apiRoutes.post('/addblog', function(req, res){ 
  var tokenx=req.headers.authorization;
  console.log(tokenx);
  var loggedinUser= jwt.decode(tokenx, config.secret);

  var CurrentDate=Date.now(); 
  var newBlog=new blogModel({
    title:req.body.title, 
    description:req.body.description, 
    category:req.body.category,  
    date:CurrentDate,
    by:loggedinUser._id
  });
  newBlog.save(function(err, data){
    if(err){return res.json({success:false, msg:'Blog Not Posted'})}
      else{
        res.json({success:true, msg:'Successfully Posted'});
      }
  });

});

所以，我想知道，用 Angular js 在 $resource 中编写 headers 是否正确。 当我执行此代码时，它显示错误错误:未提供 token 。并且在 console.log 中还显示错误 POST http://localhost:3000/api/addblog 500(内部服务器错误)。

请帮忙。

Answer 1

Your header must be included in Access-Control-Allow-Headers header in response to the OPTIONS request.

app.use(function(req, res, next) {

  // Website you wish to allow to connect
  res.setHeader('Access-Control-Allow-Origin', '*');

  // Request methods you wish to allow
  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');

  // Request headers you wish to allow
  res.setHeader('Access-Control-Allow-Headers', 'X-Requested-With,content-type,authorization');

  // Set to true if you need the website to include cookies in the requests sent
  // to the API (e.g. in case you use sessions)
  res.setHeader('Access-Control-Allow-Credentials', true);

  // Pass to next layer of middleware
  next();
});

编辑

您可以看到使用 angular.js 发送请求的多种方式

how to set custom headers with a $resource action?