AWS API Gateway CORS飞行前检查失败 [英] AWS API Gateway CORS pre-flight check fails

问题描述

我正在使用Zappa部署我的应用程序，启用了cors，并且在按API网关"OPTIONS"资源中选项上的测试"按钮时，一切似乎都正常运行.

I'm using Zappa to deploy my application, cors is enabled and everything seems to work OK when pressing the "test" button on the options in API Gateway "OPTIONS" resource.

但是，当我尝试进行CORS飞行前检查时，主体{"message": "Internal server error"}和CloudWatch日志Execution failed due to configuration error: Unable to transform request

However, when I try to do the CORS pre-flight check, I get a 500 error with body {"message": "Internal server error"} and CloudWatch logs Execution failed due to configuration error: Unable to transform request

编辑:

配置如下所示:

编辑2 我尝试通过zappa_settings.json("cors": true)和在AWS控制台中手动单击enable cors来启用CORS

EDIT 2 I've tried enabling the CORS by both via zappa_settings.json ("cors": true) and by manually clicking enable cors in the AWS console

有没有人有任何指针可以进一步调试它?

Does anyone have any pointers how to debug this further?

推荐答案

是否有人有进一步调试此操作的指针?

我有一些东西:

在您的zappa_settings.json中，您没有此选项binary_support: false，对吗?

In your zappa_settings.json, you don't have this option binary_support: false, right?

因为:

您可以保留cors:true，但将binary_support设置为:false-他们不这样做 似乎在一起玩的很好.

You can leave cors: true but set binary_support: false - they don't appear to be playing nicely together.

((此处存在相同的问题，并解决了删除二进制支持的问题)

(here have the same problem and solved removing binary support)

如果没有，您可以尝试以下方法:

If no, you can try this:

• 在选项"方法中，选择模拟"作为集成类型
• 对于资源的每种方法
• 转到响应方法
• 添加所有应支持的响应方法(即200、500等)

• 对于每个响应代码，将响应标头"设置为:

• In OPTIONS method, choose as integration type "mock"
• For each Method of a resource
• Go to Response Method
• Add all the response method that should be supported (i.e. 200, 500, etc.)

• For each response code set Response Headers to:

X-Requested-With

X-Requested-With

访问控制允许标题

访问控制允许来源

访问控制允许方法

转到集成响应"，选择创建的响应代码之一，然后选择页眉映射"

Go to Integration Response, select one of the created response codes, then Header Mappings

为标头插入默认格式 示例:

Insert default falues for headers example:

X-Requested-With:'*'

X-Requested-With: '*'

Access-Control-Allow-Headers:内容类型，X-Amz日期，授权，X-Api-Key，x-要求-"

Access-Control-Allow-Headers: 'Content-Type,X-Amz-Date,Authorization,X-Api-Key,x-requested-with'

访问控制允许来源:"*"

Access-Control-Allow-Origin: '*'

Access-Control-Allow-Methods:"POST，GET，OPTIONS"

Access-Control-Allow-Methods: 'POST,GET,OPTIONS'

每种方法都必须重复此操作，包括新创建的OPTIONS

This operation has to be repeated for each method, including the newly created OPTIONS

(摘录自此处).

我假设您已经检查了以下内容: http ://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html ...

I assume that you already checked this: http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html ...

我还认为这是可以考虑的，引自此处:

I also found this to be considered, cited from here:

还应注意，只需在API网关上启用CORS 层是必需的，但对于想要 对经过IAM身份验证的Zappa API进行CORS请求(以及 可能使用其他API网关级别的身份验证器进行了身份验证). 应用程序本身仍然需要以适当的方式进行响应 与CORS相关的标头，但如果 API网关阻止飞行前请求.

It should also be noted that simply enabling CORS at the API gateway layer is necessary but not sufficient for an application that wants to do CORS requests against a Zappa API that is IAM authenticated (and likely authenticated using other API-gateway level authenticators). The application itself will still need to respond with the appropriate CORS related headers, but it doesn't get the opportunity to do that if API Gateway blocks the pre-flight request.

希望对您有帮助！

这篇关于AWS API Gateway CORS飞行前检查失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！