AWS API网关不存在"Access-Control-Allow-Origin"标头 [英] AWS API Gateway No 'Access-Control-Allow-Origin' header is present
问题描述
我一直陷在API网关的问题上,并且我在AWS论坛上浏览了所有其他SO解答,并通过了他们的文档,但仍然不满意.
I'm stuck on an issue with API gateway and I've gone through all the other SO answers on this, AWS forums and have been through their docs but still no joy.
我正在尝试使用AWS API网关设置API,该API调用Lambda函数,该函数读取/写入DynamoDB中的表.
I am trying to setup an API using AWS API gateway which calls a Lambda function which reads/writes to a table in DynamoDB.
DynamoDB的Lambda函数正在运行.我已经在AWS中创建了一个API,并为其创建了GET和OPTIONS方法.我读到AWS并不只对GET/POST强制执行OPTIONS,但是当没有OPTIONS方法时,我在ajax调用中遇到了预检错误,所以我添加了一个.
The Lambda function to DynamoDB is working. I have created an API in AWS, and created a GET and OPTIONS methods for it. I read AWS does not enforce the OPTIONS for only GET/POST but i was getting a preflight error in my ajax call when there was no OPTIONS method so I added one.
就目前而言,为了取得进展,我不使用API密钥或授权. 我可以使用POSTMAN成功调用我的GET方法,该方法返回DynamoDB表的内容.
For now just to make progress I am not using an API key or Authorization. I can successfully call my GET method using POSTMAN, which returns the contents of the DynamoDB table.
但是当我尝试使用JQuery ajax调用时,我得到了
But when i try using a JQuery ajax call i get
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.
我可以在网络标签下看到使用Chrome开发工具,OPTIONS方法返回状态200,而GET返回状态200,但是出现上述错误.
I can see using Chrome dev tools under the network tab, the OPTIONS method returning status 200 and the GET returns status 200 but with the above error.
我尝试过同时在OPTIONS和GET方法上启用CORS,在每次更改后都重新部署了API,并尝试了以下操作( http://enable-cors.org/server_awsapigateway.html ),但始终在控制台中出现相同的错误.
I have tried enabling CORS on both the OPTIONS and GET methods, have re-deployed the API after every change, have tried the following (http://enable-cors.org/server_awsapigateway.html) but always get the same error in the console.
我正在从桌面上的文件执行ajax调用,因此origin为null,因为该页面将作为JS中的单个网页应用程序部署到S3.
I am executing the ajax call from a file on my desktop so origin is null as the page will be deployed to S3 as its a single web page application in JS.
当我在GET和OPTIONS上启用CORS时,我可以看到Access-Control-Allow-Headers为'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token',Access-Control-Allow-Origin *为'*'
When I enabled CORS on my GET and OPTIONS i can see that Access-Control-Allow-Headers is 'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token' and Access-Control-Allow-Origin* is '*'
我的Ajax呼叫如下所示.我还尝试复制POSTMAN使用的确切标头,该标头设置了Authorization标头(我已经在AWS中关闭了该标头),但是在
My Ajax call looks like below. I also tried copying the exact headers POSTMAN uses, which has the Authorization header set (which i have turned off in AWS for now) but i always get the same error above
var awsHeaders = {};
awsHeaders['X-Amz-Date'] = '20161127T171734';
$('#add, #cloud').click(function() {
$.ajax({
type: 'GET',
headers: awsHeaders,
dataType : "json",
url: '...',
success: function (res) {
console.log('response in GET:');
console.log(res);
},
error: function(data) {
console.log('in error');
console.log(data);
}
});
});
任何人都可以阐明我可能会想念的东西吗?
Can anyone shed light on what i might be missing?
非常感谢
更新 请参阅以下有关我如何按照DigitalKapteain注释解决此问题的答案-通过在Lambda函数的响应中设置'Access-Control-Allow-Origin':'*'标头.我在AWS文档中寻找了此内容,但找不到它.此链接描述了Lambda和Lambda代理之间的区别,并说明了使用CORS时的操作 https://serverless.com/framework/docs/providers/aws/events/apigateway/
Update See answer below regarding how I solved this as per DigitalKapteain comments - by setting the 'Access-Control-Allow-Origin':'*' header in the response from my Lambda function. I looked for this in the AWS docs but couldn;t find it. This link describes the difference between Lambda and Lambda Proxy and explains what to do when using CORS https://serverless.com/framework/docs/providers/aws/events/apigateway/
推荐答案
对Lambda函数的GET请求的响应也必须包含Access-Control-Allow-Origin标头.
The response for the GET request to the Lambda function must also contain the Access-Control-Allow-Originheader.
这篇关于AWS API网关不存在"Access-Control-Allow-Origin"标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
