AWS Lambda HTTP API网关集成无法实现CORS [英] CORS impossible on AWS Lambda HTTP API Gateway Integration

问题描述

创建了一个返回3个HTTP头的AWS Lamba函数(NodeJS):aaa，Access-Control-Allow-Origin和bbb:

An AWS Lamba function (NodeJS) returning 3 HTTP headers: aaa, Access-Control-Allow-Origin and bbb was created:

exports.handler = async (event) => {
    const response = {
        statusCode: 200,
        headers: { "aaa":"aaa", "Access-Control-Allow-Origin":"*", "bbb":"bbb" },
        body: JSON.stringify('Hello from Lambda!'),
    };
    return response;
};

该功能已集成到HTTP API(不是REST API)中.在HTTP API网关配置的配置CORS"部分中，HTTP标头"Access-Control-Allow-Origin"设置为"*".请查看屏幕截图:

The function is integrated into a HTTP API (not REST API). In the HTTP API Gateway Configuration, Section "Configure CORS", the HTTP header "Access-Control-Allow-Origin" was set to "*". Please see the screenshot:

网关配置

命令"curl -i https://xxxxxxxxx.execute-api .eu-central-1.amazonaws.com "证明已明确删除了HTTP标头Access-Control-Allow-Origin，因为仅返回了HTTP标头aaa和bbb:

The command "curl -i https://xxxxxxxxxx.execute-api.eu-central-1.amazonaws.com" proves that the HTTP Header Access-Control-Allow-Origin is explicitly removed, because only HTTP headers aaa and bbb are returned:

HTTP/2 200 
date: Tue, 14 Apr 2020 11:01:58 GMT
content-type: text/plain; charset=utf-8
content-length: 20
aaa: aaa
bbb: bbb
apigw-requestid: K-S2EjVWliAEJKw=

为什么即使执行了配置CORS"后，此标头仍然不存在?

Why on earth is this header still not present, even after "Configure CORS" was done?

(我正在谷歌搜索超过两天，以便找到解决方案，这让我发疯了)

(I'm googling now for more than two days in order to find a solution and it makes me go nuts)

推荐答案

根据为HTTP API配置CORS -

如果为API配置CORS，则API Gateway会忽略CORS标头 从您的后端集成返回.

If you configure CORS for an API, API Gateway ignores CORS headers returned from your backend integration.

这就是为什么忽略Lambda(集成)中的CORS标头的原因.这是原始REST API与新HTTP API之间的差异之一.如果使用这些API-

That's why the CORS headers from your Lambda (integration) are being ignored. This is one of the differences between the new HTTP APIs from the original REST APIs. In case of these APIs -

对于CORS请求，API网关将已配置的CORS标头添加到 集成的响应.

For a CORS request, API Gateway adds the configured CORS headers to the response from an integration.

进行简单卷曲时，实际上并不是在进行跨域请求.因此，您看不到HTTP API会设置的CORS标头.为了验证CORS请求是否有效，我在下面的请求中传递了 Origin 标头，然后可以看到CORS标头以及来自Lambda的自定义标头-

When you do a simple curl, that is not actual doing a cross-origin request. Hence, you don't see the CORS headers that would be set by the HTTP API. To verify if a CORS request works, I passed an Origin header in the below request and I can see the CORS headers along with my custom headers from Lambda -

$ curl -v -X GET https://$API_ID.execute-api.$AWS_REGION.amazonaws.com -H "Origin: https://www.example.com"

< HTTP/2 200
< date: Tue, 14 Apr 2020 18:02:26 GMT
< content-type: text/plain; charset=utf-8
< content-length: 18
< aaa: aaa
< bbb: bbb
< access-control-allow-origin: https://www.example.com
< access-control-expose-headers: date, x-api-id

以下是我在API上的CORS配置的摘录.我将Access-Control-Allow-Origin值添加为 https://www.example.com 并将其传递为我的curl请求中Origin标头的一部分.这样的请求将被视为CORS.

Below is a snippet of my CORS configuration on the API. I added Access-Control-Allow-Origin value as https://www.example.com and passed this as a part of the Origin header in my curl request. Such a request would qualify as CORS.

这篇关于AWS Lambda HTTP API网关集成无法实现CORS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！