API网关CORS:无“ Access-Control-Allow-Origin”标头 [英] API Gateway CORS: no 'Access-Control-Allow-Origin' header
问题描述
尽管已通过API网关设置了CORS并设置了 Access-Control-Allow-Origin
标头,但在尝试调用API时仍然收到以下错误从Chrome中的AJAX中获取:
XMLHttpRequest无法加载
,然后从OPTIONS响应中:
如何在不还原为JSON-P的情况下从浏览器调用我的API?
解决方案我遇到同样的问题。我用了10个小时才找到答案。
https:/ /serverless.com/framework/docs/providers/aws/events/apigateway/
// handler.js
'使用严格';
module.exports.hello =函数(事件,上下文,回调){
const response = {
statusCode:200,
标头:{
Access-Control-Allow-Origin: *,// CORS支持才能正常工作
Access-Control-Allow-Credentials:true // Cookie,授权标头必须HTTPS
},
正文:JSON.stringify({ message: Hello World!})
};
回调(null,response);
};
Although CORS has been set up through API Gateway and the
Access-Control-Allow-Origin
header is set, I still receive the following error when attempting to call the API from AJAX within Chrome:XMLHttpRequest cannot load http://XXXXX.execute-api.us-west-2.amazonaws.com/beta/YYYYY. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 403.
I attempted to GET the URL through Postman and it shows the above header is successfully passed:
And from the OPTIONS reponse:
How can I call my API from the browser without reverting to JSON-P?
解决方案I get the same problem. I have used 10hrs to findout.
https://serverless.com/framework/docs/providers/aws/events/apigateway/
// handler.js 'use strict'; module.exports.hello = function(event, context, callback) { const response = { statusCode: 200, headers: { "Access-Control-Allow-Origin" : "*", // Required for CORS support to work "Access-Control-Allow-Credentials" : true // Required for cookies, authorization headers with HTTPS }, body: JSON.stringify({ "message": "Hello World!" }) }; callback(null, response); };
这篇关于API网关CORS:无“ Access-Control-Allow-Origin”标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!