Cross domain problems with WSO2 API Manager


Problem description

We have developed some APIs for a client and we have published them through API Manager. We have provided the client with some code examples in PHP which work fine. The only problem is that they are using those APIs through AJAX in a different domain to the one associated with AM. Is this a cross domain problem?

I have tried setting the Apache server in front of API Manager with the following headers, so that cross domain is allowed:

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, Accept
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: * 

But even with these headers, I still get a 401 Unauthorized when making calls to AM. I have tried making the requests directly to AM without going through Apache (port 8282) but we still get the same problem.

Recommended answer

Yes, this is a cross domain problem. I would suggest you try out the below.

Is your API allowed for the 'OPTIONS' verb in None Auth Type? [1] To verify that, send a curl request to the API without OAuth headers. If you are getting a 200 OK response with the CORS headers which you have mentioned, then that should be fine. ex:

curl -v -X OPTIONS http://localhost:8280/testapi

If it is not returning a success message, then your backend might not be supporting the OPTIONS method. You can verify that by directly sending an OPTIONS request to your backend service. Either you can enable OPTIONS in your backend service or avoid the OPTIONS call reaching the backend by modifying the API synapse configuration.

ex:-

<api name="admin--TestAPI" context="/test" version="1.0" version-type="url">
        <resource methods="POST GET OPTIONS DELETE PUT" url-mapping="/*">
            <inSequence>
                <filter source="get-property('axis2', 'HTTP_METHOD')" regex="OPTIONS">
                    <then>
                        <log level="custom">
                            <property name="Message" value="Received OPTIONS call, sending back headers"/>
                        </log>
                        <property name="Access-Control-Request-Headers" value="authorization,content-type" scope="transport"/>
                        <property name="Access-Control-Allow-Headers" value="authorization,Access-Control-Allow-Origin,Content-Type" scope="transport"/>
                        <property name="Access-Control-Allow-Methods" value="GET,POST,PUT,DELETE,OPTIONS" scope="transport"/>
                        <property name="Access-Control-Allow-Origin" value="*" scope="transport"/>
                        <property name="RESPONSE" value="true" scope="default" type="STRING"/>
                        <header name="To" action="remove"/>
                        <send/>
                    </then>
                    <else>
                        <property name="POST_TO_URI" value="true" scope="axis2"/>
                        <filter source="$ctx:AM_KEY_TYPE" regex="PRODUCTION">
                            <then>
                                <send>
                                    <endpoint name="admin--StudentAPI_APIEndpoint_0">
                                        <address uri="http://localhost:8080/sample/1.0/one/">
                                            <timeout>
                                                <duration>30000</duration>
                                                <responseAction>fault</responseAction>
                                            </timeout>
                                            <suspendOnFailure>
                                                <errorCodes>-1</errorCodes>
                                                <initialDuration>0</initialDuration>
                                                <progressionFactor>1.0</progressionFactor>
                                                <maximumDuration>0</maximumDuration>
                                            </suspendOnFailure>
                                            <markForSuspension>
                                                <errorCodes>-1</errorCodes>
                                            </markForSuspension>
                                        </address>
                                    </endpoint>
                                </send>
                            </then>
                            <else>
                                <sequence key="_sandbox_key_error_"/>
                            </else>
                        </filter>
                    </else>
                </filter>
            </inSequence>
            <outSequence>
                <send/>
            </outSequence>
        </resource>
        <handlers>
            <handler class="org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler"/>
            <handler class="org.wso2.carbon.apimgt.gateway.handlers.throttling.APIThrottleHandler">
                <property name="id" value="A"/>
                <property name="policyKey" value="gov:/apimgt/applicationdata/tiers.xml"/>
            </handler>
            <handler class="org.wso2.carbon.apimgt.usage.publisher.APIMgtUsageHandler"/>
            <handler class="org.wso2.carbon.apimgt.usage.publisher.APIMgtGoogleAnalyticsTrackingHandler"/>
            <handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerExtensionHandler"/>
        </handlers>
    </api>

Then add Access-Control-Allow-Origin as well to the list of Access-Control-Allow-Headers and keep the other headers as they are.

ex: Access-Control-Allow-Headers: authorization,Access-Control-Allow-Origin,Content-Type

If you are still getting the error, can you provide the detailed error message or the sample PHP client code?

[1] http://docs.wso2.org/display/AM160/Adding+Documentation+Using+Swagger
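
The following is an added example, not part of the original question or answer: a simplified model of the decision a browser makes on a CORS preflight response, run against the header set quoted in the question. The client origin `https://client.example` and the function name `checkPreflight` are hypothetical; the model covers only the status, origin, method and header checks.

```javascript
// Added example: simplified model of the browser's CORS preflight decision.
// Response header names are expected in lower case.
const list = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

function checkPreflight(req, res) {
  const h = res.headers;
  // 1. The preflight OPTIONS carries no Authorization header, so a gateway
  //    that demands OAuth on OPTIONS answers 401 and the browser stops here.
  if (res.status < 200 || res.status > 299) return `blocked: preflight status ${res.status}`;
  // 2. Origin check: "*" is rejected when the request sends credentials.
  const origin = h["access-control-allow-origin"];
  if (req.credentials) {
    if (origin !== req.origin) return "blocked: credentialed request needs the exact origin";
    if (h["access-control-allow-credentials"] !== "true") return "blocked: credentials not allowed";
  } else if (origin !== "*" && origin !== req.origin) {
    return "blocked: origin not allowed";
  }
  // 3. Method check: GET, HEAD and POST never need to be listed.
  const methods = list(h["access-control-allow-methods"]);
  const method = req.method.toLowerCase();
  const methodOk = ["get", "head", "post"].includes(method) || methods.includes(method) ||
    (methods.includes("*") && !req.credentials);
  if (!methodOk) return `blocked: method ${req.method} not allowed`;
  // 4. Header check: Authorization must be named explicitly; "*" never covers it.
  const allowed = list(h["access-control-allow-headers"]);
  for (const name of req.headers.map((s) => s.toLowerCase())) {
    const wildcard = allowed.includes("*") && !req.credentials && name !== "authorization";
    if (!allowed.includes(name) && !wildcard) return `blocked: header ${name} not allowed`;
  }
  return "allowed";
}

// Constructed sample data: the header set quoted in the question.
const questionHeaders = {
  "access-control-allow-credentials": "true",
  "access-control-allow-headers": "Authorization, Content-Type, Accept",
  "access-control-allow-methods": "GET,POST,PUT,DELETE,OPTIONS",
  "access-control-allow-origin": "*",
};
// Hypothetical client: AJAX from another origin with an OAuth bearer header.
const ajax = { origin: "https://client.example", method: "GET", headers: ["Authorization"], credentials: false };

console.log(checkPreflight(ajax, { status: 401, headers: questionHeaders }));
console.log(checkPreflight(ajax, { status: 200, headers: questionHeaders }));
console.log(checkPreflight({ ...ajax, credentials: true }, { status: 200, headers: questionHeaders }));
```

The first case is the 401 situation from the question: the headers are never evaluated because the preflight itself was refused. The third case shows that the wildcard origin stops working as soon as the client sends credentials, so a specific allowed origin is the safer configuration.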
