Cross domain problems with WSO2 API Manager

We have developed some APIs for a client and we have published them through API Manager. We have provided the client with some code examples in PHP which work fine. The only problem is that they are using those APIs through AJAX in a different domain to the one associated with AM. Is this a cross domain problem?

I have tried setting the Apache server in front of API Manager with the following headers, so that cross domain is allowed:

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, Accept
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin: * 

But even with these headers, I still get a 401 Unauthorized when making calls to AM. I have tried making the requests directly to AM without going through Apache (port 8282) but we still get the same problem.

Yes, this is a cross domain problem. I would suggest you try out the below.

Is your API allowed for the 'OPTIONS' verb in None Auth Type? [1] To verify that, send a curl request to the API without OAuth headers. If you are getting a 200 OK response with the CORS headers which you have mentioned, then that should be fine. ex:

curl -v -X OPTIONS http://localhost:8280/testapi

If it is not returning a success message, then your backend might not be supporting the OPTIONS method. You can verify that by directly sending an OPTIONS request to your backend service. Either you can enable OPTIONS in your backend service or avoid the OPTIONS call reaching the backend by modifying the API synapse configuration.

ex:-

<api name="admin--TestAPI" context="/test" version="1.0" version-type="url">
        <resource methods="POST GET OPTIONS DELETE PUT" url-mapping="/*">
            <inSequence>
                <filter source="get-property('axis2', 'HTTP_METHOD')" regex="OPTIONS">
                    <then>
                        <log level="custom">
                            <property name="Message" value="Received OPTIONS call, sending back headers"/>
                        </log>
                        <property name="Access-Control-Request-Headers" value="authorization,content-type" scope="transport"/>
                        <property name="Access-Control-Allow-Headers" value="authorization,Access-Control-Allow-Origin,Content-Type" scope="transport"/>
                        <property name="Access-Control-Allow-Methods" value="GET,POST,PUT,DELETE,OPTIONS" scope="transport"/>
                        <property name="Access-Control-Allow-Origin" value="*" scope="transport"/>
                        <property name="RESPONSE" value="true" scope="default" type="STRING"/>
                        <header name="To" action="remove"/>
                        <send/>
                    </then>
                    <else>
                        <property name="POST_TO_URI" value="true" scope="axis2"/>
                        <filter source="$ctx:AM_KEY_TYPE" regex="PRODUCTION">
                            <then>
                                <send>
                                    <endpoint name="admin--StudentAPI_APIEndpoint_0">
                                        <address uri="http://localhost:8080/sample/1.0/one/">
                                            <timeout>
                                                <duration>30000</duration>
                                                <responseAction>fault</responseAction>
                                            </timeout>
                                            <suspendOnFailure>
                                                <errorCodes>-1</errorCodes>
                                                <initialDuration>0</initialDuration>
                                                <progressionFactor>1.0</progressionFactor>
                                                <maximumDuration>0</maximumDuration>
                                            </suspendOnFailure>
                                            <markForSuspension>
                                                <errorCodes>-1</errorCodes>
                                            </markForSuspension>
                                        </address>
                                    </endpoint>
                                </send>
                            </then>
                            <else>
                                <sequence key="_sandbox_key_error_"/>
                            </else>
                        </filter>
                    </else>
                </filter>
            </inSequence>
            <outSequence>
                <send/>
            </outSequence>
        </resource>
        <handlers>
            <handler class="org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler"/>
            <handler class="org.wso2.carbon.apimgt.gateway.handlers.throttling.APIThrottleHandler">
                <property name="id" value="A"/>
                <property name="policyKey" value="gov:/apimgt/applicationdata/tiers.xml"/>
            </handler>
            <handler class="org.wso2.carbon.apimgt.usage.publisher.APIMgtUsageHandler"/>
            <handler class="org.wso2.carbon.apimgt.usage.publisher.APIMgtGoogleAnalyticsTrackingHandler"/>
            <handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerExtensionHandler"/>
        </handlers>
    </api>

Then add Access-Control-Allow-Origin as well to the list of Access-Control-Allow-Headers and keep the other headers as they are.

ex: Access-Control-Allow-Headers: authorization,Access-Control-Allow-Origin,Content-Type

If you are still getting the error, can you provide the detailed error message or the sample PHP client code?

[1] http://docs.wso2.org/display/AM160/Adding+Documentation+Using+Swagger

Please change the Access-Control-Allow-Headers value to authorization,Access-Control-Allow-Origin,Content-Type and check.
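
An added example (not code from the thread or from WSO2) that applies the browser's CORS preflight rules to an OPTIONS response, showing why a 401 on the preflight blocks the AJAX call even when the CORS headers are present. The `req`/`res` object shapes and the `client.example` origin are constructed for illustration.

```javascript
// Added example: evaluate a preflight (OPTIONS) response the way a browser does.
// `req.headers` lists the non-safelisted header names the script sets (assumed shape).
function checkPreflight(req, res) {
  const problems = [];
  const h = {};
  for (const [k, v] of Object.entries(res.headers)) h[k.toLowerCase()] = v.trim();
  const list = (name) =>
    (h[name] || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

  // The preflight itself carries no Authorization header, so a gateway that
  // authenticates OPTIONS answers 401 and the real request is never sent.
  if (res.status < 200 || res.status > 299)
    problems.push(`preflight status ${res.status} is not 2xx`);
  const acao = h["access-control-allow-origin"];
  if (acao === "*") {
    if (req.credentials)
      problems.push("wildcard Access-Control-Allow-Origin is rejected for credentialed requests");
  } else if (acao !== req.origin) {
    problems.push("Access-Control-Allow-Origin does not match the request origin");
  }
  if (req.credentials && h["access-control-allow-credentials"] !== "true")
    problems.push("Access-Control-Allow-Credentials must be true");
  const methods = list("access-control-allow-methods");
  const safeMethod = ["get", "head", "post"].includes(req.method.toLowerCase());
  const methodWildcard = !req.credentials && methods.includes("*");
  if (!safeMethod && !methodWildcard && !methods.includes(req.method.toLowerCase()))
    problems.push(`method ${req.method} not in Access-Control-Allow-Methods`);
  const allowed = list("access-control-allow-headers");
  const headerWildcard = !req.credentials && allowed.includes("*");
  for (const name of req.headers.map((s) => s.toLowerCase())) {
    // "*" never covers Authorization; it has to be listed by name.
    const ok = allowed.includes(name) || (headerWildcard && name !== "authorization");
    if (!ok) problems.push(`header ${name} not in Access-Control-Allow-Headers`);
  }
  return problems;
}

// Constructed inputs modelled on the headers quoted in the question.
const ajaxCall = { origin: "https://client.example", method: "GET",
                   headers: ["authorization"], credentials: false };
const apacheHeaders = {
  "Access-Control-Allow-Credentials": "true",
  "Access-Control-Allow-Headers": "Authorization, Content-Type, Accept",
  "Access-Control-Allow-Methods": "GET,POST,PUT,DELETE,OPTIONS",
  "Access-Control-Allow-Origin": "*",
};
console.log(checkPreflight(ajaxCall, { status: 401, headers: apacheHeaders }));
console.log(checkPreflight(ajaxCall, { status: 200, headers: apacheHeaders }));
```

With `credentials: true` (cookies or `withCredentials`), the same headers fail on the wildcard origin, so a credentialed client needs the gateway to echo a specific allowed origin instead of `*`.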
