适用于OPTIONS的AWS API Gateway CORS正常,执行POST失败 [英] AWS API Gateway CORS ok for OPTIONS, fail for POST
问题描述
我已经看过SO上的其他相关问题,但这似乎有所不同. 实际上,除了我之外,我的问题与这个问题非常相似没有400状态问题.
I've looked at the other related questions on SO but this seems different. In fact, my question is very similar to this one, except I don't have the 400 status issue.
设置:
-
通过API网关的
- lambda函数
- 授权:无,需要API密钥:false
-
部署到阶段:测试
- lambda function through API Gateway
- Authorization: None, API KEY Required: false
deploying to stage: test
1个资源,1个集成了lambda的POST方法.
1 resource, 1 POST method integrating the lambda.
我使用了启用CORS"选项-我尝试将此选项同时应用于资源和POST请求(然后再部署API).
I've used the "Enable CORS" option - I've tried applying this option on both the resource, and the POST request (and deploying the API afterwards).
在API GW中,我可以在POST方法-方法响应区域下的200个响应标题中看到Access-Control-Allow-Origin.
In API GW, I can see Access-Control-Allow-Origin listed in 200 Response Headers under POST method - Method Response area.
结果:通过Chrome中的客户端代码调用端点,OPTIONS通过了,但由于缺少Access-Control-Allow-Origin标头而导致POST失败.
Result: Calling the endpoint from client code in Chrome, OPTIONS passes but POST fails due to missing Access-Control-Allow-Origin header.
在卷曲中:OPTIONS调用
In curl: OPTIONS call
curl -X OPTIONS -H "Access-Control-Request-Method: POST" \
-H "Access-Control-Request-Headers: Content-Type" \
-H "Origin: http://example.com" --verbose <endpoint>
响应为:
< HTTP/1.1 200 OK
< Content-Type: application/json
...
< Access-Control-Allow-Headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
< Access-Control-Allow-Methods: POST,OPTIONS
< Access-Control-Allow-Origin: *
...
但使用POST:
curl -X POST -d '{}' -H "Content-Type: application/json" \
-H "Origin: http://example.com" --verbose <endpoint>
它返回:
< HTTP/1.1 200 OK
< Content-Type: application/json
...
和响应json主体-但没有Access-任何标头.
and the response json body - but no Access-anything header.
我还能检查什么?
推荐答案
问题是API网关使用选中的"Lambda Proxy Integration"选项调用了我的lambda函数.
The problem has been that the API gateway has called my lambda function using the "Lambda Proxy Integration" option checked.
我相信在将API网关触发器添加到新创建的lambda函数时,默认情况下会激活此功能.
I believe this is activated by default when adding a API gateway trigger to a newly created lambda function.
在API网关-资源-方法视图中,集成响应"框显示为灰色,似乎没有办法(即使对于Enable CORS功能)在其中添加Access-Control-Allow-Origin标头,根据@ Abhigna_Nagaraja是必需的.
When inside the API Gateway - Resource - Method view, the "Integration Response" box is greyed out and it seems there's no way (even for the Enable CORS function) to add a Access-Control-Allow-Origin header there, which according to @Abhigna_Nagaraja is required.
解决方案:
如果使用"Lambda代理集成",请在您的lambda函数中添加'Access-Control-Allow-Origin': '*'标头.
Solution:
If using "Lambda Proxy Integration", add the 'Access-Control-Allow-Origin': '*' header to your lambda function.
更好:在同一视图-集成请求中,关闭"Lambda代理集成",然后再次启用CORS(此后进行部署).
Even better: in the same view - Integration Request, turn off "Lambda Proxy Integration" and Enable CORS again (deploy afterwards).
(然后,在回调中,您只需要返回有效负载json而不是{ statusCode, headers, body }对象.)
(Then, in the callback, you'll have to return just the payload json instead of the { statusCode, headers, body } object.)
更新:
如果您不确定是返回HTTP状态代码还是json负载中的请求响应状态信息,一些有用的阅读内容:
Some useful reads if you're unsure whether to return request response status information in http status codes or in the json payload:
这篇关于适用于OPTIONS的AWS API Gateway CORS正常,执行POST失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
