不能在带有CORS的AWS API Gateway上使用自定义请求标头 [英] Can't use custom Request Headers on AWS API Gateway with CORS
问题描述
我已经创建并部署了具有以下结构的AWS API Gateway资源,其中包括自定义HTTP请求标头'X-header'
I have created and deployed an AWS API Gateway resource with the following structure including a custom HTTP Request Header 'X-header'
dev (stage)
/echo (resource)
POST (method)
Method Request - Headers: X-header
OPTIONS (method)
Method Request - Headers: X-header
当我从Chrome发布到端点时,出现以下错误.
When I POST to the endpoint from Chrome, I get the following error.
XMLHttpRequest无法加载 https://fxxxx.execute-api .us-west-2.amazonaws.com/dev/echo .飞行前响应中Access-Control-Allow-Headers不允许请求标头字段X-header.
XMLHttpRequest cannot load https://fxxxx.execute-api.us-west-2.amazonaws.com/dev/echo. Request header field X-header is not allowed by Access-Control-Allow-Headers in preflight response.
Chrome正在针对OPTIONS方法进行预检检查.我可以看到请求标题:
Chrome is doing a preflight check against the OPTIONS method. I can see the Request Headers:
访问控制请求标头:接受,内容类型,x标头
访问控制请求方法:POST
Access-Control-Request-Headers:accept, content-type, x-header
Access-Control-Request-Method:POST
但是响应头仅具有:
访问控制允许标题:Content-Type,X-Amz-Date,授权,X-Api-Key,X-Amz-Security-Token
访问控制允许方法:POST,OPTIONS
访问控制允许来源:*
Access-Control-Allow-Headers:Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
Access-Control-Allow-Methods:POST,OPTIONS
Access-Control-Allow-Origin:*
Chrome希望Response Access-Control-Request-Header包含我的自定义x-header,这似乎很合逻辑.这是API Gateway错误吗?
Chrome expects the Response Access-Control-Request-Headers to include my custom x-header, which seems logical. Is this an API Gateway bug?
我看到的唯一解决方法是删除自定义标头并在POST正文中传递数据.
The only workaround I see is to remove the custom header and pass the data in the POST body.
推荐答案
您可以完全控制API网关中OPTIONS响应上的CORS标头.如果您需要将x-header添加到Access-Control-Allow-Headers标题中,请继续添加它!转到OPTIONS方法的集成响应",然后修改该标头的静态值.
You have full control over the CORS headers on the OPTIONS response in API Gateway. If you need to add x-header to the Access-Control-Allow-Headers header, go ahead and add it! Go to the Integration Response for the OPTIONS method and modify the static value of that header.
首次使用控制台功能配置CORS时(您可能尚未执行此操作),您可以在此处输入标题列表,也可以查看其他高级标题.
When you first configure CORS using the console feature (you may not have done this), you can enter the list of headers there and see other advanced headers as well.
因此,您可以在将来在创建时进行此更改,或者在创建OPTIONS之后立即对其进行更新.
So you can make this change in the future at create-time, or update it on the fly after the OPTIONS has been created.
这篇关于不能在带有CORS的AWS API Gateway上使用自定义请求标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
