WSO2 API管理器CORS [英] WSO2 API Manager CORS
问题描述
我想在所有端点的WSO2 API Manager实例上启用CORS。
我已经通过文档(这是伟大的),并建议更改 repository / conf / api-manager.xml 文件,因为有一个CORS配置节点(下图)。
I'd like to enable CORS on my WSO2 API Manager instance for all endpoints. I've been through the documentation (which is great) and it suggests altering the repository/conf/api-manager.xml file as there is a CORS configuration node within it (below).
<!--Configuration to enable/disable sending CORS headers in the Gateway response
and define the Access-Control-Allow-Origin header value.-->
<CORSConfiguration>
<!--Configuration to enable/disable sending CORS headers from the Gateway-->
<Enabled>true</Enabled>
<!--The value of the Access-Control-Allow-Origin header. Default values are
API Store addresses, which is needed for swagger to function.-->
<Access-Control-Allow-Origin>*</Access-Control-Allow-Origin>
<!--Configure Access-Control-Allow-Methods-->
<Access-Control-Allow-Methods>GET,PUT,POST,DELETE,PATCH,OPTIONS</Access-Control-Allow-Methods>
<!--Configure Access-Control-Allow-Headers-->
<Access-Control-Allow-Headers>authorization,Access-Control-Allow-Origin,Content-Type</Access-Control-Allow-Headers>
<!--Configure Access-Control-Allow-Credentials-->
<!-- Specifying this header to true means that the server allows cookies (or other user credentials) to be included on cross-origin requests.
It is false by default and if you set it to true then make sure that the Access-Control-Allow-Origin header does not contain the wildcard (*)
-->
<Access-Control-Allow-Credentials>true</Access-Control-Allow-Credentials>
</CORSConfiguration>
这个文件似乎不适用于所有端点的CORS配置。我向我已经发布的API端点发出请求时收到正确的访问控制头,但是当我点击令牌端点(默认 - '/ token','/ revoke')时,我没有收到它们。
This file doesn't seem to apply this CORS configuration to all endpoints though. I receive the correct Access Control headers when making requests to API endpoints that I've published but I don't receive them when I hit the token endpoints (default - '/token', '/revoke').
我如何实现这一点?
推荐答案
CORS配置对API有效使用Publisher应用程序创建。令牌apis( - '/ token','/ revoke')不包括在此配置中。
CORS configurations are valid for the APIs created using the Publisher applications. The token apis (- '/token', '/revoke') are not covered from this configurations.
CORS标题是使用处理程序处理的
CORS headers are handled using a handler
org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler
如果您打开api的突触配置/ repository / deployment / server / synapse-configs / default / api你会找到这个处理程序。
If you open a synapse configuration for an api in /repository/deployment/server/synapse-configs/default/api you would find this handler.
你可以将此处理程序设置为 .xml和 TokenAPI .xml。 (这些在同一位置/ repository / deployment / server / synapse-configs / default / api)。在配置文件中会是这样的
You can set this handler to the RevokeAPI.xml and TokenAPI.xml as well. (these are in the same location /repository/deployment/server/synapse-configs/default/api). It would be something like this in the configuration file
<handlers>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler">
<property name="apiImplementationType" value="ENDPOINT"/>
</handler>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerCacheExtensionHandler"/>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.common.SynapsePropertiesHandler"/>
</handlers>
这篇关于WSO2 API管理器CORS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!