authentication

authentication

关注
发信
关注(28)粉丝(399)

Salesforce.com REST 身份验证 CORS 问题

本文介绍了Salesforce.com REST 身份验证 CORS 问题的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在与 salesforce.com api 进行一些集成,但遇到了障碍.

I am doing some integration with the salesforce.com api but I have hit a roadblock.

使用一些我想要的 javascript1. 发布用户名/密码以获取身份验证令牌例如:https://login.salesforce.com/services/oauth2/token?&client_id=XXX-XXX&client_secret=YYYYYY&grant_type=password&password=BLAHBLAHP&username=BLAH@BLAH.com2. 使用此令牌向 salesforce API 发出子请求.

Using some javascript I want to1. Post a username/password to get authentication tokenEG:https://login.salesforce.com/services/oauth2/token?&client_id=XXX-XXX&client_secret=YYYYYY&grant_type=password&password=BLAHBLAHP&username=BLAH@BLAH.com2. Use this token to make subsequest requests to the salesforce API.

当我发出上述请求时,只要我禁用浏览器的安全性或有一个向响应标头添加Access-Control-Allow-Origin"值的插件,它就可以正常工作.在这种情况下,我从 Salesforce 得到了有效响应.

When I make the above request it works fine as long as I disable the security of the browser or have an addon that add a 'Access-Control-Allow-Origin' value to the responsed header. In this case I get back a valid response from Salesforce.

问题是当我从我的域中尝试此操作时出现 CORS 错误:请求的资源上不存在Access-Control-Allow-Origin"标头.因此不允许访问源https://{{myip}}".

The problem is that I get CORS error when I try this from my domain:No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://{{myip}}' is therefore not allowed access.

现在我明白了为什么浏览器会强制执行此限制,但是 Salesforce API 可以选择添加列入白名单的域.我本以为这能让我完成这项工作,但事实并非如此.即使我已将我的域添加到白名单中,身份验证请求也总是在浏览器 (chrome) 的控制台中返回上述错误.

Now I understand why this restriction is enforced by the browser however the Salesforce API has an option to add whitelisted domains. I would have thought that this would have allowed me to make this work but it does not. Even though I have added my domain to the white list, the authentication request always comes back with the abve error in the console of the browser (chrome).

我的问题是:我误以为白名单应该在我的场景中起作用?我是否缺少 Salesforce 应用程序的某些配置?我是否必须遵循不同的身份验证方法才能使其正常工作?

My question is: I am deluded to think that the whitelisting should work in my scenario? Am I missing some configuration of the salesforce app? Do I have to follow a different authentication method in order for this to work?

任何指导将不胜感激.

推荐答案

Salesforce REST API 尚不支持所有请求端点上的 CORS.那么也许您正在使用不添加 CORS 标头的端点?在此期间,您可以使用代理:https://www.jamesward.com/2014/06/23/cross-origin-resource-sharing-cors-for-salesforce-com

The Salesforce REST API doesn't yet support CORS on all request endpoints. So maybe you are using an endpoint that doesn't add the CORS headers? In the meantime you can use a proxy: https://www.jamesward.com/2014/06/23/cross-origin-resource-sharing-cors-for-salesforce-com

这篇关于Salesforce.com REST 身份验证 CORS 问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-19 02:24
Powered by LMLPHP ©2024 authentication 0.034228