WSO2 API Manager CORS


Question

I'd like to enable CORS on my WSO2 API Manager instance for all endpoints. I've been through the documentation (which is great) and it suggests altering the repository/conf/api-manager.xml file as there is a CORS configuration node within it (below).

<!--Configuration to enable/disable sending CORS headers in the Gateway response
    and define the Access-Control-Allow-Origin header value.-->
<CORSConfiguration>

    <!--Configuration to enable/disable sending CORS headers from the Gateway-->
    <Enabled>true</Enabled>

    <!--The value of the Access-Control-Allow-Origin header. Default values are
        API Store addresses, which is needed for swagger to function.-->
    <Access-Control-Allow-Origin>*</Access-Control-Allow-Origin>

    <!--Configure Access-Control-Allow-Methods-->
    <Access-Control-Allow-Methods>GET,PUT,POST,DELETE,PATCH,OPTIONS</Access-Control-Allow-Methods>

    <!--Configure Access-Control-Allow-Headers-->
    <Access-Control-Allow-Headers>authorization,Access-Control-Allow-Origin,Content-Type</Access-Control-Allow-Headers>

    <!--Configure Access-Control-Allow-Credentials-->
    <!-- Specifying this header to true means that the server allows cookies (or other user credentials) to be included on cross-origin requests.
         It is false by default and if you set it to true then make sure that the Access-Control-Allow-Origin header does not contain the wildcard (*)
    -->
    <Access-Control-Allow-Credentials>true</Access-Control-Allow-Credentials>

</CORSConfiguration>

This file doesn't seem to apply this CORS configuration to all endpoints though. I receive the correct Access Control headers when making requests to API endpoints that I've published but I don't receive them when I hit the token endpoints (default - '/token', '/revoke').

How am I able to achieve this?

Recommended answer

CORS configurations are valid for the APIs created using the Publisher application. The token APIs ('/token', '/revoke') are not covered by this configuration.

CORS headers are handled using a handler

org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler

If you open a Synapse configuration for an API in /repository/deployment/server/synapse-configs/default/api, you would find this handler.

You can set this handler in RevokeAPI.xml and TokenAPI.xml as well (these are in the same location, /repository/deployment/server/synapse-configs/default/api). It would be something like this in the configuration file:

<handlers>
    <handler class="org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler">
        <property name="apiImplementationType" value="ENDPOINT"/>
    </handler>
    <handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerCacheExtensionHandler"/>
    <handler class="org.wso2.carbon.apimgt.gateway.handlers.common.SynapsePropertiesHandler"/>
</handlers>
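
An added example (not part of the original question or answer, and not WSO2 code): a small Python audit that checks a CORSConfiguration block for the wildcard-plus-credentials combination that the configuration comment above warns against, and checks whether an API definition such as TokenAPI.xml carries the CORSRequestHandler. The XML strings are constructed samples and the `<api>` attributes are placeholders.

```python
import xml.etree.ElementTree as ET

CORS_HANDLER = "org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler"

# Constructed sample: the CORSConfiguration values shown in the question.
CORS_XML = """<CORSConfiguration>
    <Enabled>true</Enabled>
    <Access-Control-Allow-Origin>*</Access-Control-Allow-Origin>
    <Access-Control-Allow-Credentials>true</Access-Control-Allow-Credentials>
</CORSConfiguration>"""

# Constructed sample: a token API definition that lacks the CORS handler.
TOKEN_API_XML = """<api name="token-api-placeholder" context="/token">
    <handlers>
        <handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerCacheExtensionHandler"/>
    </handlers>
</api>"""


def local_name(tag):
    """Strip an XML namespace prefix of the form {uri}name."""
    return tag.rsplit("}", 1)[-1]


def audit_cors(xml_text):
    """Return a list of findings for a CORSConfiguration element."""
    root = ET.fromstring(xml_text)
    node = next((e for e in root.iter() if local_name(e.tag) == "CORSConfiguration"), None)
    if node is None:
        return ["no CORSConfiguration element found"]
    cfg = {local_name(e.tag): (e.text or "").strip() for e in node}
    if cfg.get("Enabled", "").lower() != "true":
        return []  # the Gateway sends no CORS headers, nothing to audit
    origins = [o.strip() for o in cfg.get("Access-Control-Allow-Origin", "").split(",")]
    creds = cfg.get("Access-Control-Allow-Credentials", "false").lower() == "true"
    if "*" in origins and creds:
        return ["wildcard origin combined with Allow-Credentials=true"]
    if "*" in origins:
        return ["wildcard origin: every origin is allowed"]
    return []


def has_cors_handler(api_xml):
    """True if the API definition lists the CORSRequestHandler."""
    root = ET.fromstring(api_xml)
    return any(local_name(e.tag) == "handler" and e.get("class") == CORS_HANDLER
               for e in root.iter())
```

When the handler is added to the token and revoke APIs, restricting Access-Control-Allow-Origin to the known client origins keeps those endpoints from answering cross-origin requests from arbitrary sites.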
