我正在实现一个JWT身份验证，但头中的授权集出现了问题。
似乎未在请求中设置“Authorization”标头。
我收到了客户端发送的2个请求，第一个请求中传递了Authorization头：

// GET PROJECTS NAME
projects.getName = () => {  // === projects.getName = function() { ... }
return $http.get(Global.url_api+'action=GETINFO&table=Projects');
}

浏览器中的请求：

Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate
Accept-Language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOi....
Host: *******-tpinst.fr
Origin: http://localhost:2000
Proxy-Connection: keep-alive
Referer: http://localhost:2000/
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 
(KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36

但是我的第二个请求实现为与第一个请求相同，但没有通过这个授权头：

users.get = function(project){
return $http.get(Global.url_api+'action=GET&table='+project+'_users');
}

在浏览器中：

Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Host: bouygues-tpinst.fr
Origin: http://localhost:2000
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 
(KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36

授权在主程序中设置：

app.config(['$httpProvider', function($httpProvider) {
$httpProvider.defaults.headers.common['Authorization'] = 'Bearer 
'+localStorage.getItem('tokenAPI');
}])

我在服务器端设置了Allow origin，如下所示：

header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, 
OPTIONS');
header('Access-Control-Allow-Headers: Origin, Content-Type, Authorization');

我对这些安全概念还是初学者，请您指点迷津

编辑：

我刚刚发现一个提示，在我的api.php中，我得到了这一行发送错误401到客户端：

$Authorization = $_SERVER['HTTP_AUTHORIZATION'];

//Looking for authorization headers
if($Authorization){ ... }
else {  
    header('HTTP/1.0 401 Unauthorized'); //Give error code 401
    echo 'Token not found in the header';
}

当我删除
标头（“HTTP/1.0 401未授权”）;
标题中的授权传递