Ajax对需要身份验证的云运行服务的请求 [英] Ajax request to cloud run service that requires authentication
问题描述
我在与某项服务相关的Google Cloud上运行CORS相关问题
需要验证.
I'm having a CORS related issue with google cloud run on a service that
requires authentication.
如果我尝试通过带有Bearer令牌的cli执行curl命令,
一切正常.
不幸的是,如果我尝试通过javascript中的ajax执行相同的调用,
我收到403.
If I try to execute a curl command through the cli, with a Bearer token,
everything works fine.
Unfortunately if I try to execute the same call through ajax in javascript,
I receive a 403.
const http = new XMLHttpRequest();
const url = 'https://my-app.run.app';
http.open("GET", url);
http.withCredentials = true;
http.setRequestHeader("authorization", 'Bearer ' + id_token);
http.send();
http.onreadystatechange = (e) => {
console.log(http.responseText)
}
云运行日志中的错误是:
The error in the cloud run logs is this :
The request was not authenticated. Either allow unauthenticated invocations or set the proper Authorization header. Read more at https://cloud.google.com/run/docs/securing/authenticating
容器永远不会被击中.
我看到的问题是,当我使用ajax在网络中拨打电话时,
浏览器.网络浏览器正在发出飞行前请求(
上的OPTIONS
url)而不发送Authorization标头(这是预期的
行为)
The issue I'm seeing is that, as I'm making the call using ajax, in a web
browser. The web browser is making a pre flight request ( OPTIONS on the
url ) without sending the Authorization header ( which is an expected
behavior )
问题似乎是云运行尝试对OPTIONS进行身份验证
请求并且永远不会将其放入我的容器中,据我了解,
不应该做. (
https://www.w3.org/TR/cors/#cross-origin-request-with-preflight-0 )
The problem seems to be that cloud run tries to authenticate the OPTIONS
request and never makes it to my container, which, as far as I understand,
shouldn't be done. (
https://www.w3.org/TR/cors/#cross-origin-request-with-preflight-0 )
云的已知问题正在运行吗?
Is that a known issue with cloud run ?
我如何向经过身份验证的云运行服务发出ajax请求?
How could I make an ajax request to an authenticated cloud run service ?
推荐答案
(云运行PM)
这是一个已知问题.有几种选择:
This is a known issue. There are a few options:
- 允许未经身份验证的请求并自行进行CORS/身份验证
- Allow unauthenticated requests and do CORS/auth yourself
- 此版本有一个变体,它使用运行在其中的Cloud Endpoints在您的计算机前运行.让端点对您的最终用户进行身份验证,然后将请求转发到您的后端.
- There is a variation of this that uses Cloud Endpoints running on Cloud Run in front of your compute. Have Endpoints do your end-user auth, then forward the request to your backend.
我们已经考虑实施 Istio CORSPolicy
,它将在auth检查之前返回CORS标头,尽管到目前为止我们还没有对此进行承诺.
We've considered implementing Istio CORSPolicy
, which would return CORS headers before the auth check, though we're not committed to this as of now.
这篇关于Ajax对需要身份验证的云运行服务的请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!