Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
2.1k views
in Technique[技术] by (71.8m points)

node.js - Set Express response headers before redirect

I'm implementing a site login that takes in an email/password combo, retrieves an API token, and returns it to the user to get stored (encrypted) in localStorage.

Currently, on successful POSTing to /login, the app redirects the user to the index page, with the token attached as a query, like so (as suggested here):

login.post('/', function(req, res) {
    ...checking password...

    Auth.getToken(user, function(err, token) {
        res.redirect('/?token=' + token);
    });
});

This works fine, but I'd prefer to keep my URLs as clean as possible and set the token as a header instead:

login.post('/', function(req, res) {
    ...checking password...

    Auth.getToken(user, function(err, token) {
        res.set('x-access-token', token);
        console.log(res._headers);
            // --> {'x-powered-by': 'Express', 'x-access-token': <token>}
        res.redirect('/');
    });
});

console.log-ing res._headers shows that the headers are set as expected, but when I log req.headers on the request to the index page, it's not showing up:

{ host: 'localhost:3000',
  connection: 'keep-alive',
 'cache-control': 'max-age=0',
 accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
 'upgrade-insecure-requests': '1',
 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36',
 referer: 'http://localhost:3000/login',
 'accept-encoding': 'gzip, deflate, sdch',
 'accept-language': 'en-US,en;q=0.8',
 cookie: 'ifusr=crwj; _ga=GA1.1.1933420201.1409901705',
 'if-none-match': '"1195161647"' }

Any suggestions appreciated!

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Setting headers wouldn't work here because a redirect will execute a new http request, you can use express-session to store the auth token and fetch it when you need it

req.session.accessToken = token

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

1.4m articles

1.4m replys

5 comments

57.0k users

...