根据查询字符串中的令牌授权AWS API Gateway请求 [英] Authorizing AWS API Gateway requests from token in query string
问题描述
我为API网关设置了一个Cognito授权者,该授权者正确授权了标头中带有id令牌的任何请求。
I have API Gateway set up with a Cognito authorizer that correctly authorizes any request with the id token in the header.
当请求基于XHR时,这很好,因为我可以在准备请求时添加标头。但是,当使用由浏览器直接制作的< audio src = http:// api-gateway / ...>
时,我无法添加此内容。
This is fine when requests are XHR based as I can add the header when preparing the request. However I can't add this when using <audio src="http://api-gateway/...">
which is made directly by the browser.
我所能做的最好是将令牌附加到查询字符串中(?token = ...
),但Cognito仅在标头中接受令牌。
The best I can do is append the token in the querystring (?token=...
) but Cognito only accepts tokens in the headers.
有什么方法可以让Cognito对来自HTML / CSS的请求进行授权?
Is there any way to get Cognito to authorize requests when they come from HTML/CSS?
推荐答案
不幸的是,API Gateway不支持查询字符串或路径参数中的安全令牌。我短期内不会看到这种变化,因此建议您使用适当的JS客户端代码替换所有硬编码的HTML元素。
Unfortunately API Gateway does not support security tokens in query string or path parameters. I do not see this changing in the short term so would recommend replacing any hardcoded HTML elements with appropriate JS client code.
这篇关于根据查询字符串中的令牌授权AWS API Gateway请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!