API Gateway CORS Issue

Problem description

So I have CORS enabled, going through the basic setup given by AWS Gateway. However, for this API I need to allow Control Origins for all requests and allow credentials.

This is what it looks like

The issue, as you may have guessed, is that this setup is not allowed by CORS: you cannot have a wildcard for Origin and have credentials as true. Normally the workaround for this is to just grab the requesting domain and add it into the Origin header, which is more or less what I want to do. But I don't know how to get that information and add it as a mapping value. Where does API Gateway store that information and how do I get it?

UPDATE: I have to pass through the HTTP header Host to my Lambda function, which I should have mentioned earlier. I have tried implementing the answer below, but I cannot access the header to pass it to the Lambda function using the instructions provided. Any more assistance with this is greatly appreciated.

Recommended answer

Okay, after hours of research and finding bits of information across the internet, I have a solution, and hopefully it is useful for other people.

To pass an HTTP header that is not a default value provided by AWS API Gateway, then access that data via a Lambda function and return that data in the response header, follow the steps below:

  1. In "Method Request" go to "HTTP Request Headers" and add your desired header to capture, i.e. if we want to get the host value of the API URL you can enter "Host" here. If you want to get the website host of the caller, use "Origin".

  2. In "Integration Request" go to mapping templates and create a new template if an "application/json" one does not exist; if it does, just update it.

  3. This is the important part: pass the header value you set in step 1. To do that, write something similar to the following in the Template Box.

{
   "origin" : "$input.params().header.Origin",
   "host" : "$input.params().header.Host"
}

You can also pass in any url parameters you have defined in the same JSON.

  4. Access the data from Lambda. The integration request passed the information into the "Event" parameter if using Node as the Lambda backend code. To retrieve the value of any header, just use the following within your handler.

event.origin;

  5. When sending back your response from Lambda to API Gateway, it is best to format the response in JSON, something similar to this.

    { 
       "origin" : event.origin,
       "host" : event.host,
       "nonHeaderOutput" : "Hello World"
    }
    

  6. In "Integration Response" go to "Header Mappings"; if the header you need is not listed, you can add it in "Method Response" and it will then appear here. In this example I use "Access-Control-Allow-Origin" and edit the "Mapping value" to integration.response.body.origin

     Now go to "Mapping Templates", select the content type you want to use, and then edit the template to access the non-header responses by adding this to the Template Box

    $input.path("$.nonHeaderOutput")
    

  7. That is it. Now the header that was sent to the API can be used in your method response.
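Echoing whatever Origin the caller sends while credentials are allowed has the same effect as the wildcard that CORS refuses, so the value returned in the Lambda response should be checked first. The following is an added example, not code from the original answer: a Node handler body that only reflects origins on an allowlist. `ALLOWED_ORIGINS`, `resolveAllowedOrigin` and `buildResponse` are hypothetical names, and the example.com origins are constructed placeholders.

```javascript
// Constructed allowlist (assumption): the only sites that may call this API
// with credentials. Entries are full origins: scheme + host (+ port).
const ALLOWED_ORIGINS = ["https://app.example.com", "https://admin.example.com"];

// Returns the caller's origin only when it is exactly an allowlisted origin.
// Anything else gets the first allowlisted origin back, so the browser sees an
// Access-Control-Allow-Origin that does not match the caller and blocks the read.
function resolveAllowedOrigin(rawOrigin, allowlist = ALLOWED_ORIGINS) {
  const fallback = allowlist[0];
  // The mapping template yields "" when the Origin header is absent.
  if (typeof rawOrigin !== "string" || rawOrigin === "") return fallback;

  let parsed;
  try {
    parsed = new URL(rawOrigin);
  } catch (err) {
    return fallback; // not a URL, e.g. the literal string "null"
  }

  // A real Origin header has no path, query or userinfo, so the raw value must
  // already equal its own parsed origin (case aside).
  if (parsed.origin !== rawOrigin.toLowerCase()) return fallback;

  // Compare whole origins; never use startsWith/endsWith/includes on the host.
  return allowlist.includes(parsed.origin) ? parsed.origin : fallback;
}

// Builds the JSON body from step 5; integration.response.body.origin is then
// mapped to Access-Control-Allow-Origin as in step 6.
function buildResponse(event) {
  return {
    origin: resolveAllowedOrigin(event.origin),
    host: event.host,
    nonHeaderOutput: "Hello World",
  };
}

// In Lambda this would be exported as the function's handler.
async function handler(event) {
  return buildResponse(event);
}
```
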
