CORS击败了AWS LAMBDA :( [英] CORS defeats AWS LAMBDA :(

问题描述

我已经阅读了很多有关CORS/Lambda/AWS API Gateway配置的信息，包括AWS的设置帮助: http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html 这篇很棒的文章: https://serverless.com/framework/docs/providers/aws/events/apigateway/

I've been reading a lot on CORS/Lambda/AWS API Gateway configuration, including AWS's setup help: http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html And this great article: https://serverless.com/framework/docs/providers/aws/events/apigateway/

但是，CORS仍在击败我的API网关/Lambda函数，我无法弄清楚.希望有帮助.

However, CORS is still defeating my API Gateway / Lambda function and I can't figure it out. Would love some help.

这似乎是API网关将请求代理到Lambda上，除了在API网关中启用CORS之外，您还需要在Lambda函数中设置"Access-Control-Allow-Origin":"*"标头，我已经完成了.我收到200的响应，并且可以看到从Lambda函数正确发送回了标头.但是，Chrome/FF仍然给我一个CORS错误.知道为什么吗?

The meat of it seems to be that API Gateway proxies the request onto Lambda and you need to set "Access-Control-Allow-Origin": "*" headers in your Lambda function in addition to enabling CORS in the API Gateway, which I've done. I am getting a 200 response and can see the header being sent back correctly from my Lambda function. However, Chrome/FF still give me a CORS error. Any idea why?

这是我的请求标头:

Host: myawshost.execute-api.us-west-2.amazonaws.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:50.0) Gecko/20100101 Firefox/50.0 Accept: application/json, text/javascript Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Origin: null DNT: 1 Connection: keep-alive

Host: myawshost.execute-api.us-west-2.amazonaws.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:50.0) Gecko/20100101 Firefox/50.0 Accept: application/json, text/javascript Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Origin: null DNT: 1 Connection: keep-alive

还有200个响应标头:

And the 200 response headers:

Access-Control-Allow-Origin: * Connection: keep-alive Content-Length: 74 Content-Type: application/json Date: Fri, 23 Dec 2016 08:35:02 GMT ...

Access-Control-Allow-Origin: * Connection: keep-alive Content-Length: 74 Content-Type: application/json Date: Fri, 23 Dec 2016 08:35:02 GMT ...

一切看起来都不错，成功了吧?但是，我没有从Lambda返回JSON，也没有在控制台中收到此错误消息:

That all looks nice and successful right? But yet, I get no JSON back from Lambda and this error message in console:

"Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://myawshost.execute-api.us-west-2.amazonaws.com/prod/view?id=272. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). (unknown)"

但是Access-Control-Allow-Origin并不缺少！我可以在响应中看到它.

But Access-Control-Allow-Origin is not missing! I can see it there in the response.

有什么想法吗?

推荐答案

我也花了很多时间研究这个问题，而对我来说起作用的是在lambda处理程序(Python)中返回了以下内容:

I've also spent quite some time researching this, and what made it work for me was returning the following in the lambda handler (Python):

return {
        'statusCode': status_code,
        'headers': {
            'Content-Type': 'application/json',
            'Access-Control-Allow-Origin': '*'
        },
        'body': status_message if status_code == 200 else 'Failure'
    }

这篇关于CORS击败了AWS LAMBDA :(的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！