WSO2 API Manager CORS


Question

I'd like to enable CORS on my WSO2 API Manager instance for all endpoints. I've been through the documentation (which is great) and it suggests altering the repository/conf/api-manager.xml file as there is a CORS configuration node within it (below).

<!--Configuration to enable/disable sending CORS headers in the Gateway response
    and define the Access-Control-Allow-Origin header value.-->
<CORSConfiguration>

    <!--Configuration to enable/disable sending CORS headers from the Gateway-->
    <Enabled>true</Enabled>

    <!--The value of the Access-Control-Allow-Origin header. Default values are
        API Store addresses, which is needed for swagger to function.-->
    <Access-Control-Allow-Origin>*</Access-Control-Allow-Origin>

    <!--Configure Access-Control-Allow-Methods-->
    <Access-Control-Allow-Methods>GET,PUT,POST,DELETE,PATCH,OPTIONS</Access-Control-Allow-Methods>

    <!--Configure Access-Control-Allow-Headers-->
    <Access-Control-Allow-Headers>authorization,Access-Control-Allow-Origin,Content-Type</Access-Control-Allow-Headers>

    <!--Configure Access-Control-Allow-Credentials-->
    <!-- Specifying this header to true means that the server allows cookies (or other user credentials) to be included on cross-origin requests.
         It is false by default and if you set it to true then make sure that the Access-Control-Allow-Origin header does not contain the wildcard (*)
    -->
    <Access-Control-Allow-Credentials>true</Access-Control-Allow-Credentials>

</CORSConfiguration>

This file doesn't seem to apply this CORS configuration to all endpoints though. I receive the correct Access Control headers when making requests to API endpoints that I've published but I don't receive them when I hit the token endpoints (default - '/token', '/revoke').

How can I achieve this?

Recommended answer

CORS configurations are valid for the APIs created using the Publisher application. The token APIs ('/token', '/revoke') are not covered by this configuration.

CORS headers are handled using a handler:

org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler

If you open a synapse configuration for an API in /repository/deployment/server/synapse-configs/default/api, you will find this handler.

You can set this handler in RevokeAPI.xml and TokenAPI.xml as well. (These are in the same location, /repository/deployment/server/synapse-configs/default/api.) It would be something like this in the configuration file:

<handlers>
    <handler class="org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler">
        <property name="apiImplementationType" value="ENDPOINT"/>
    </handler>
    <handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerCacheExtensionHandler"/>
    <handler class="org.wso2.carbon.apimgt.gateway.handlers.common.SynapsePropertiesHandler"/>
</handlers>
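
An added example, not part of the original answer or of WSO2's own code: a small Python check over the two kinds of file discussed above. It flags a wildcard Access-Control-Allow-Origin combined with Access-Control-Allow-Credentials set to true (the combination the configuration's own comment warns against) and reports whether a synapse API definition such as TokenAPI.xml lists the CORSRequestHandler. The sample XML strings and the API name in them are constructed for illustration.

```python
import xml.etree.ElementTree as ET

CORS_HANDLER = "org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler"

def audit_cors_config(api_manager_xml):
    """Return findings for each <CORSConfiguration> node in api-manager.xml."""
    findings = []
    for cors in ET.fromstring(api_manager_xml).iter("CORSConfiguration"):
        # XML comments are dropped by the parser, so children are settings only.
        values = {child.tag: (child.text or "").strip() for child in cors}
        if values.get("Enabled", "").lower() != "true":
            findings.append("CORS headers are disabled at the Gateway")
            continue
        origins = [o.strip() for o in
                   values.get("Access-Control-Allow-Origin", "").split(",")]
        credentials = values.get("Access-Control-Allow-Credentials", "false")
        if "*" in origins and credentials.lower() == "true":
            # Browsers refuse credentialed responses that carry a wildcard origin.
            findings.append("wildcard origin combined with Allow-Credentials=true")
    return findings

def has_cors_handler(synapse_api_xml):
    """True if the synapse API definition lists the CORS handler."""
    for el in ET.fromstring(synapse_api_xml).iter():
        # Strip any XML namespace so the check works with or without xmlns.
        local_name = el.tag.rsplit("}", 1)[-1]
        if local_name == "handler" and el.get("class") == CORS_HANDLER:
            return True
    return False

# Constructed sample: the settings from the question, reduced to the relevant keys.
SAMPLE_CORS = """<APIManager><CORSConfiguration>
  <Enabled>true</Enabled>
  <Access-Control-Allow-Origin>*</Access-Control-Allow-Origin>
  <Access-Control-Allow-Credentials>true</Access-Control-Allow-Credentials>
</CORSConfiguration></APIManager>"""

# Constructed sample: a token API definition that lacks the CORS handler.
SAMPLE_TOKEN_API = """<api xmlns="http://ws.apache.org/ns/synapse" name="token-api" context="/token">
  <handlers>
    <handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerCacheExtensionHandler"/>
  </handlers>
</api>"""

if __name__ == "__main__":
    print(audit_cors_config(SAMPLE_CORS))
    print("token API has CORS handler:", has_cors_handler(SAMPLE_TOKEN_API))
```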
