[英]Azure API Management - CORS issue
Providing the following CORS policy at the topmost scope of the Azure API Management:在 Azure API 管理的最顶层提供以下 CORS 策略:
<policies>
<inbound>
<cors>
<allowed-origins>
<origin>*</origin>
</allowed-origins>
<allowed-methods>
<method>*</method>
</allowed-methods>
<allowed-headers>
<header>*</header>
</allowed-headers>
<expose-headers>
<header>*</header>
</expose-headers>
</cors>
</inbound>
<backend>
<forward-request />
</backend>
<outbound />
</policies>
When using:使用时:
var xhr = new XMLHttpRequest();
xhr.open('GET', 'https://mydomain.azure-api.net/calc/add?a=5&b=5');
xhr.send();
Raw request:原始请求:
GET https://mydomain.azure-api.net/calc/add?a=5&b=5 HTTP/1.1
Host: mydomain.azure-api.net
Connection: keep-alive
Origin: https://any.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36
Accept: */*
Referer: https://any.com/
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8,de;q=0.6,pl;q=0.4
I am receiving error message:我收到错误消息:
XMLHttpRequest cannot load https://mydomain.azure-api.net/calc/add?a=5&b=5. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://any.com' is therefore not allowed access. The response had HTTP status code 401.
Raw response:原始回复:
HTTP/1.1 401 Access Denied
Content-Length: 152
Content-Type: application/json
WWW-Authenticate: AzureApiManagementKey realm="https://mydomain.azure-api.net/calc",name="Ocp-Apim-Subscription-Key",type="header"
Date: Fri, 04 Nov 2016 09:31:15 GMT
{ "statusCode": 401, "message": "Access denied due to missing subscription key. Make sure to include subscription key when making requests to an API." }
As soon as I use correct api key:只要我使用正确的 api 密钥:
var xhr = new XMLHttpRequest();
xhr.open('GET', 'https://mydomain.azure-api.net/calc/add?a=5&b=5');
xhr.setRequestHeader('Ocp-Apim-Subscription-Key', '**********************');
xhr.send();
Raw request:原始请求:
GET https://mydomain.azure-api.net/calc/add?a=5&b=5 HTTP/1.1
Host: mydomain.azure-api.net
Connection: keep-alive
Origin: https://any.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36
Ocp-Apim-Subscription-Key: **********************
Accept: */*
Referer: https://any.com/
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8,de;q=0.6,pl;q=0.4
I am receiving success message.我收到成功消息。
Raw response:原始回复:
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 123
Content-Type: application/xml; charset=utf-8
Expires: -1
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Date,Server,X-AspNet-Version,X-Powered-By
Date: Fri, 04 Nov 2016 09:34:44 GMT
<result><value>10</value><broughtToYouBy>Azure API Management - http://azure.microsoft.com/apim/ </broughtToYouBy></result>
Question:问题:
It does look to me like CORS issue happens only when incorrect/no API key is provided, is this expected behaviour from Azure API Management?在我看来,CORS 问题仅在提供不正确/未提供 API 密钥时才会发生,这是 Azure API 管理的预期行为吗?
简而言之,是的,我不确定显示的是正确的错误消息,但是 API 管理解决方案像普通 API 一样基于订阅 ID 和密钥,因此当您未传递所需信息时,我不希望它起作用通过。
This has happened with different instance as well.这也发生在不同的实例中。 I was trying to access a wrong endpoint and still received the same CORS issue on the browser.
我试图访问错误的端点,但仍然在浏览器上收到相同的 CORS 问题。 When I tried the same call through Postman it gave me the Resource not found exception.
当我通过 Postman 尝试相同的调用时,它给了我 Resource not found 异常。 Resource not found/Invalid JWT/JWT Validation failed all gave CORS error in the console.logs.
资源未找到/无效的 JWT/JWT 验证失败都在 console.logs 中给出了 CORS 错误。 It does give the unauthorized error correctly or 500 Internal error correctly.
它确实正确地给出了未经授权的错误或正确地给出了 500 个内部错误。 I verify the actual response on the Postman and attempt to fix it after that.
我验证了 Postman 上的实际响应,然后尝试修复它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.