使用反应禁止标题访问vuforia vws

Question

我正在尝试使用react + axios调用vuforia的web服务,阅读vuforia的文档,并在我打电话时遵循这些步骤我在chrome的控制台日志中出现错误,即:

xhr.js:121 Refused to set unsafe header "Date"

但如果我理解正确,我必须在请求中声明标题"Date".我该如何解决,这是我的代码:

class App extends Component {
  componentDidMount() {
    var md5 = require('md5');
    var base64 = require('base-64');
    var hmacsha1 = require('hmacsha1');
    var contentType = "application/json";
    var hexDigest = "d41d8cd98f00b204e9800998ecf8427e";
    var accessKey = "xxxxxxxxxxxx";
    var secretKey = "xxxxxxxxxxx";
    var date = new Date().toUTCString();
    var url = `${'https://cors-anywhere.herokuapp.com/'}https://vws.vuforia.com/targets`;
    var dateValue = date;
    var requestPath = url;
    var newLine = '\n';
    var toDigest = `GET${newLine}${hexDigest}${newLine}${contentType}${newLine}${dateValue}${newLine}${requestPath}`;
        var shaHashed = hmacsha1(secretKey, toDigest);

    var signature = base64.encode(shaHashed);
    const config = {
        headers: {
        'Date': `${date}`,
        'Authorization': `VWS ${accessKey}:${signature}`
    }
}
console.log(toDigest);
axios.get(url, config,{ crossdomain: true })
.then(json => console.log(json))
}

的console.log(toDigest):

GET
d41d8cd98f00b204e9800998ecf8427e
application/json
Mon, 29 Oct 2018 12:45:26 GMT
https://cors-anywhere.herokuapp.com/https://vws.vuforia.com/targets

Answer 1

更改您的配置代码

const config = {
    headers: {
    'Date': `${date}`,
    'Authorization': `VWS ${accessKey}:${signature}`
}

到

const config = {
    headers: {
    'Authorization': `VWS ${accessKey}:${signature}`
}

XMLHttpRequest 不允许设置 Date 标头，它由浏览器自动设置。原因是，通过操纵这些标头，您可能能够欺骗服务器通过同一连接接受第二个请求，该连接不会经过通常的安全检查 - 这将是浏览器中的安全漏洞。以下是您无法自行设置的HTTP 标头列表。

如果您仍然遇到该错误，请告诉我。