Home >WeChat Applet >WeChat Development >WeChat development tips: Solutions to the error config:invalid signature
WeChat development tips: The solution to the error config:invalid signature
WeChat public platform, the solution to the error config:invalid signature keeps popping up
If it is an invalid signature signature error. It is recommended to check in the following order:
1. Confirm that the signature algorithm is correct, and you can use the http://mp.weixin.qq.com/debug/cgi-bin/sandbox?t=jsapisign page tool for verification.
2. Confirm that the nonceStr (standard camel case capital S in js) and timestamp in the config are consistent with the corresponding noncestr and timestamp used in the signature.
3. Confirm that the URL is the complete URL of the page (please confirm on the current page alert(location.href.split(‘#’)[0])), including the ‘http(s)://’ part, and ‘? GET parameter part after ', but does not include the part after '#' hash.
4. Confirm that the appid in config is consistent with the appid used to obtain jsapi_ticket.
5. Make sure to cache access_token and jsapi_ticket.
This is the key point:
Make sure that the URL you obtain for signing is obtained dynamically. For dynamic pages, please refer to the PHP implementation in the example code. If it is a static page of html, the url is passed to the backend for signature through ajax on the front end. The front end needs to use js to get the link of the current page except the '#' hash part (can be obtained by location.href.split('#')[0], and encodeURIComponent is required), because once the page is shared, the WeChat client will add other parameters at the end of your link. If the current link is not obtained dynamically, the signature of the shared page will fail.
Teach how to verify whether it is correct:
The method of dynamically obtaining the url is:
$protocol = (!empty($_SERVER[HTTPS]) && $_SERVER[HTTPS] !== off || $_SERVER[SERVER_PORT] = = 443) ? "https://" : "http://";
$url = $protocol.$_SERVER[HTTP_HOST].$_SERVER[REQUEST_URI];
Steps:
First you are Page alert(location.href.split('#')[0]);
Then you print out whether the dynamically obtained URL is the same as the address of your alert. They must be exactly the same, including capitalization.
If you find something different, change it according to your needs. Anyway, it’s the same. The signature verification must pass.