从API网关自定义授权者返回的401缺少"Access-Control-Allow-Origin"标头 [英] 401 return from an API Gateway Custom Authorizer is missing 'Access-Control-Allow-Origin' header

问题描述

为了防止尚未登录的用户通过AWS API网关调用我的lambda函数，我使用了Custom Authorizer lambda解决方案.

In order to prevent users who have not logged in to call my lambda function through the AWS API Gateway, I'm using the Custom Authorizer lambda solution.

如果请求被授权(200)，并且我从被调用的lambda处获得响应，则一切正常，并且得到了Access-Control-Allow-Origin标头.

If the request is authorized (200) and I get a response from the called lambda everything works fine and I get the Access-Control-Allow-Origin header.

但是，如果请求未被授权，则会收到一个没有Access-Control-Allow-Origin标头的401，因此阻止了我读取响应的401状态并将用户重定向到登录页面.

But if the request is not authorized, I get a 401 that has no Access-Control-Allow-Origin header, therefore preventing me from reading the 401 status of the response and redirecting the user to the log-in page.

我相信这是因为自定义自动化"机制不知道该请求需要使用CORS.有人知道这实际上是问题吗?您知道任何可能的解决方案吗?

I believe this is because the Custom Autorization mechanism is unaware that the request needs to use CORS. Does anyone know that this is actually the issue? Are you aware of any possible solution?

推荐答案

我很高兴宣布新的网关响应功能，该功能使您可以为不调用集成的请求自定义错误响应.这样，即使在失败的身份验证请求中，也可以确保包含CORS标头.

I'm happy to announce the new Gateway Responses feature which allows you to customize the error responses for requests that don't call your integration. This allows you to ensure that CORS headers are included, even on failed auth requests.

请参阅我们的文档. a>，其中包含一个CORS示例.

Read more in our documentation, which includes a CORS example.

这篇关于从API网关自定义授权者返回的401缺少"Access-Control-Allow-Origin"标头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！