Cross domain problems with WSO2 API Manager


Problem description

We have developed some APIs for a client and we have published them through API Manager. We have provided the client with some code examples in PHP which work fine. The only problem is that they are using those APIs through AJAX in a different domain to the one associated with AM. Is this a cross domain problem?

I have tried setting the Apache server in front of API Manager with the following headers, so that cross domain is allowed:

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, Accept
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: * 

But even with these headers, I still get a 401 Unauthorized when making calls to AM. I have tried making the requests directly to AM without going through Apache (port 8282) but we still get the same problem. Has anyone encountered the same problem? Thanks in advance!

Solution

Yes, this is a cross domain problem. I would suggest you try out the below.

Is your API allowed for the 'OPTIONS' verb in None Auth Type? [1] To verify that, send a curl request to the API without OAuth headers. If you are getting a 200 OK response with the CORS headers which you have mentioned, then that should be fine. ex:

curl -v -X OPTIONS http://localhost:8280/testapi

If it is not returning a success message, then your backend might not be supporting the OPTIONS method. You can verify that by directly sending an OPTIONS request to your backend service. Either you can enable OPTIONS in your backend service or avoid the OPTIONS call reaching the backend by modifying the API synapse configuration.

ex:-

    <api name="admin--TestAPI" context="/test" version="1.0" version-type="url">
        <resource methods="POST GET OPTIONS DELETE PUT" url-mapping="/*">
            <inSequence>
                <filter source="get-property('axis2', 'HTTP_METHOD')" regex="OPTIONS">
                    <then>
                        <log level="custom">
                            <property name="Message" value="Received OPTIONS call, sending back headers"/>
                        </log>
                        <property name="Access-Control-Request-Headers" value="authorization,content-type" scope="transport"/>
                        <property name="Access-Control-Allow-Headers" value="authorization,Access-Control-Allow-Origin,Content-Type" scope="transport"/>
                        <property name="Access-Control-Allow-Methods" value="GET,POST,PUT,DELETE,OPTIONS" scope="transport"/>
                        <property name="Access-Control-Allow-Origin" value="*" scope="transport"/>
                        <property name="RESPONSE" value="true" scope="default" type="STRING"/>
                        <header name="To" action="remove"/>
                        <send/>
                    </then>
                    <else>
                        <property name="POST_TO_URI" value="true" scope="axis2"/>
                        <filter source="$ctx:AM_KEY_TYPE" regex="PRODUCTION">
                            <then>
                                <send>
                                    <endpoint name="admin--StudentAPI_APIEndpoint_0">
                                        <address uri="http://localhost:8080/sample/1.0/one/">
                                            <timeout>
                                                <duration>30000</duration>
                                                <responseAction>fault</responseAction>
                                            </timeout>
                                            <suspendOnFailure>
                                                <errorCodes>-1</errorCodes>
                                                <initialDuration>0</initialDuration>
                                                <progressionFactor>1.0</progressionFactor>
                                                <maximumDuration>0</maximumDuration>
                                            </suspendOnFailure>
                                            <markForSuspension>
                                                <errorCodes>-1</errorCodes>
                                            </markForSuspension>
                                        </address>
                                    </endpoint>
                                </send>
                            </then>
                            <else>
                                <sequence key="_sandbox_key_error_"/>
                            </else>
                        </filter>
                    </else>
                </filter>
            </inSequence>
            <outSequence>
                <send/>
            </outSequence>
        </resource>
        <handlers>
            <handler class="org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler"/>
            <handler class="org.wso2.carbon.apimgt.gateway.handlers.throttling.APIThrottleHandler">
                <property name="id" value="A"/>
                <property name="policyKey" value="gov:/apimgt/applicationdata/tiers.xml"/>
            </handler>
            <handler class="org.wso2.carbon.apimgt.usage.publisher.APIMgtUsageHandler"/>
            <handler class="org.wso2.carbon.apimgt.usage.publisher.APIMgtGoogleAnalyticsTrackingHandler"/>
            <handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerExtensionHandler"/>
        </handlers>
    </api>

Then add Access-Control-Allow-Origin as well to the list of Access-Control-Allow-Headers and keep the other headers as they are.

ex: Access-Control-Allow-Headers: authorization,Access-Control-Allow-Origin,Content-Type

If you are still getting the error, can you provide the detailed error message or the sample PHP client code?

[1] http://docs.wso2.org/display/AM160/Adding+Documentation+Using+Swagger
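
An added example, not part of the original answer: a JavaScript check of a preflight response against the conditions a browser applies, showing why a 401 on OPTIONS blocks the AJAX call even when the CORS headers are present. The origin https://client.example and the sample responses are constructed for illustration.

```javascript
// Added example (not from the original post): evaluate a CORS preflight response
// against the checks a browser applies. All sample values are constructed.
function checkPreflight(req, res) {
  const problems = [];
  const h = {};
  for (const [k, v] of Object.entries(res.headers)) h[k.toLowerCase()] = String(v).trim();
  const list = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

  // The browser sends the preflight without an Authorization header, so the
  // gateway has to answer OPTIONS unauthenticated; a 401 blocks the real call.
  if (res.status < 200 || res.status > 299) problems.push(`status ${res.status} is not 2xx`);

  const origin = h["access-control-allow-origin"];
  if (!origin) problems.push("Access-Control-Allow-Origin missing");
  else if (origin !== "*" && origin !== req.origin) problems.push("origin not allowed");

  // Cookies / HTTP auth (credentials mode) need an explicit origin and the flag.
  if (req.credentials) {
    if (origin === "*") problems.push("wildcard origin with credentials");
    if (h["access-control-allow-credentials"] !== "true") problems.push("Access-Control-Allow-Credentials not true");
  }

  const wildcard = (items) => items.includes("*") && !req.credentials;
  const method = req.method.toLowerCase();
  const methods = list(h["access-control-allow-methods"]);
  if (!["get", "head", "post"].includes(method) && !methods.includes(method) && !wildcard(methods))
    problems.push(`method ${req.method} not allowed`);

  const allowed = list(h["access-control-allow-headers"]);
  for (const name of req.headers.map((s) => s.toLowerCase())) {
    // "*" never covers Authorization; it must be listed by name.
    const viaWildcard = wildcard(allowed) && name !== "authorization";
    if (!allowed.includes(name) && !viaWildcard) problems.push(`header ${name} not allowed`);
  }
  return problems;
}

// Constructed samples: the AJAX call, the failing gateway reply, and the reply
// produced by the OPTIONS branch of the synapse configuration above.
const ajaxCall = { origin: "https://client.example", method: "GET", headers: ["Authorization"], credentials: false };
const corsHeaders = {
  "Access-Control-Allow-Headers": "authorization,Access-Control-Allow-Origin,Content-Type",
  "Access-Control-Allow-Methods": "GET,POST,PUT,DELETE,OPTIONS",
  "Access-Control-Allow-Origin": "*",
};
const rejected = { status: 401, headers: corsHeaders };
const answered = { status: 200, headers: corsHeaders };

console.log(checkPreflight(ajaxCall, rejected));
console.log(checkPreflight(ajaxCall, answered));
console.log(checkPreflight({ ...ajaxCall, credentials: true }, answered));
```

The third call shows that the wildcard origin stops working as soon as the client sends cookies or other browser-managed credentials, which is also why Access-Control-Allow-Credentials: true combined with Access-Control-Allow-Origin: * does not help.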
