修复CORS“对预检的响应..."；标头不随AWS API网关一起出现并放大 [英] Fix CORS "Response to preflight..." header not present with AWS API gateway and amplify

查看：150 发布时间：2020/8/22 22:04:00 javascript amazon-cloudformation aws-api-gateway aws-serverless sam

本文介绍了修复CORS“对预检的响应..."；标头不随AWS API网关一起出现并放大的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我一直在努力解决以下错误.我已经尝试了很多教程和stackoverflow答案，但是没有一种解决方案可以解决我的问题.

I've been struggling so long with the error below. I've tried so many tutorials and stackoverflow answers and none of the solutions fixes my problem.

在以下位置访问XMLHttpRequest " https://xxx " " http://localhost:3000 "已被CORS政策阻止:对预检请求未通过访问控制检查:否请求中存在"Access-Control-Allow-Origin"标头资源.

Access to XMLHttpRequest at 'https://xxx' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

我正在使用无服务器的SAM创建我的api.

I'm using SAM serverless to create my api.

template.yaml:

Globals:
  Function:
    Timeout: 10
  Api:
    Cors:
      AllowMethods: "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'"
      AllowHeaders: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
      AllowOrigin: "'*'"

我的lambda函数: 我的GET响应和OPTIONS响应都具有以下返回的标头:

My lambda function: Both my GET response and OPTIONS response has the following headers that is returned:

headers: {
  "Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'",
  "Access-Control-Allow-Origin": "'*'",
  "Access-Control-Allow-Methods": "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'"
}

我的API使用amplify进入我的ReactJs应用程序:

API.get(apiName, path, {
   headers: {
      "Access-Control-Allow-Origin": "*",
      // "Access-Control-Allow-Headers": "Content-Type,X-Amz-Date,Authorization,X-Api-Key,x-requested-with",
      // "Access-Control-Allow-Methods": "OPTIONS,POST,GET,PUT,DELETE",
      // 'Content-Type': 'application/json'
   }
})

我已经在template.yaml，lambda函数和reactJs项目中尝试了Access-Control-Allow-Header，Access-Control-Allow-Methods的每种组合.

I have tried every combination of Access-Control-Allow-Headers, Access-Control-Allow-Methods in my template.yaml, my lambda function and my reactJs project.

当我在API端点上的postman中调用选项时，这就是我的结果.因此，我确实获得了正确的标头，因此据我所知，我的API允许使用CORS.

Here is what my result is when I call options in postman on my API endpoint. Thus I do get the correct headers back so per my understanding my API is allowing CORS.

推荐答案

因此，在与@Jannes Botis进行了非常有益的讨论之后，我找到了解决方案.

So after a very helpfull discussion with @Jannes Botis I found the solution.

在template.yaml中，我将值更改为:

In template.yaml I changed my values to:

Globals:
  Function:
    Timeout: 10
  Api:
    Cors:
      AllowMethods: "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'"
      AllowHeaders: "'Content-Type,X-Amz-Date,X-Amz-Security-Token,Authorization,X-Api-Key,X-Requested-With,Accept,Access-Control-Allow-Methods,Access-Control-Allow-Origin,Access-Control-Allow-Headers'"
      AllowOrigin: "'*'"

  MyAPIFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: myendpoint/
      Handler: app.lambdaHandler
      Runtime: nodejs12.x
      Events:
        GetMyData:
          Type: Api
          Properties:
            RestApiId: !Ref MyApi
            Path: /myendpoint
            Method: get
        Options:
          Type: Api
          Properties:
            RestApiId: !Ref MyApi
            Path: /myendpoint
            Method: options
            Auth:
              ApiKeyRequired: false

注意::您将收到错误消息所请求的资源上没有'xxx'标头."其中xxx是Access-Control-Allow-Methods，Access-Control-Allow-Origin和Access-Control-Allow-Headers，因此您需要将它们添加到AllowHeaders中.还要注意，您必须添加一个带有ApiKeyRequired的选项资源:false.

Note: You will get error "No 'xxx' header is present on the requested resource." where xxx is either Access-Control-Allow-Methods, Access-Control-Allow-Origin and Access-Control-Allow-Headers, thus you need to add them in your AllowHeaders. Also note that you have to add an Options resource with ApiKeyRequired: false.

然后，您对选项和get请求的响应应具有相同的标题:

Then your response from your options and get request should have the same headers:

headers: {
    "Access-Control-Allow-Headers": "Content-Type,X-Amz-Date,X-Amz-Security-Token,Authorization,X-Api-Key,X-Requested-With,Accept,Access-Control-Allow-Methods,Access-Control-Allow-Origin,Access-Control-Allow-Headers",
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Methods": "DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT",
    "X-Requested-With": "*"
}

注意:必须接受"，否则您将收到对预检请求的响应未通过访问控制检查:它没有HTTP正常状态.".

当您省略邮递员中的x-api-key时，您的飞行前必须能够通过200 OK.

Your preflight must be able to pass a 200 OK when you ommit the x-api-key in postman.

这篇关于修复CORS“对预检的响应..."；标头不随AWS API网关一起出现并放大的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

修复CORS“对预检的响应..."；标头不随AWS API网关一起出现并放大 [英] Fix CORS "Response to preflight..." header not present with AWS API gateway and amplify

问题描述

推荐答案

相关文章

前端开发最新文章

热门教程

热门工具

登录关闭

修复CORS“对预检的响应..."；标头不随AWS API网关一起出现并放大 [英] Fix CORS &quot;Response to preflight...&quot; header not present with AWS API gateway and amplify

问题描述

推荐答案

相关文章

前端开发最新文章

热门教程

热门工具

登录 关闭

修复CORS“对预检的响应..."；标头不随AWS API网关一起出现并放大 [英] Fix CORS "Response to preflight..." header not present with AWS API gateway and amplify

登录关闭