[英]AWS API Gateway returns access-control-allow-origin is not allowed by Access-Control-Allow-Headers in preflight response
This may seem like it's been asked a million times but I've tried adding to both my frontend (React) and backend (Lambda with Node.js): 这似乎已经被问了一百万遍了,但是我尝试将其前端(React)和后端(带有Node.js的Lambda)都添加进去:
Access-Control-Allow-Headers
Access-Control-Request-Headers
Access-Control-Allow-Methods: 'GET,PUT,POST,DELETE,PATCH,OPTIONS'
But I still get this error: 但我仍然收到此错误:
Access to XMLHttpRequest at 'https://<API-INVOKE-URL>/prod/notes' from origin 'http://localhost:3000' has been blocked by CORS policy: Request header field access-control-allow-origin is not allowed by Access-Control-Allow-Headers in preflight response.
Here's my Lambda code to handle response: 这是我的Lambda代码来处理响应:
function buildOutput(statusCode, data) {
let _response = {
statusCode: statusCode,
headers: {
"Access-Control-Allow-Origin": "*"
},
body: JSON.stringify(data)
};
return _response;
};
Here's my React code to send the POST request: 这是我的React代码,用于发送POST请求:
createNote(note) {
return API.post("notes", "/notes", {
headers: {
"Authorization": this.state.token,
"Access-Control-Allow-Origin": "*"
},
body: {
userid: this.state.username,
noteid: 'new',
content: 'from frontend'
}
});
Headers:Content/Type: application/json
Authorization: <MY_TOKEN>
*With and without* Access-Control-Allow-Origin: *
and it works: the request is sent successfully from PostMan to API Gateway results in a new item in my DynamoDB. 它的工作原理是:请求已成功从PostMan发送到API网关,从而在我的DynamoDB中产生了一个新项目。
CORS requires a direct connection between the client and server. CORS需要客户端和服务器之间的直接连接。 Your browser may be blocking the connection for security reasons.
您的浏览器可能出于安全原因阻止了连接。
HTTP versus HTTPS HTTP与HTTPS
I'd also try enabling downloads on your browser. 我也尝试在您的浏览器上启用下载。
I believe you should also add the bearer to your token in the authorization header like: 我相信您也应该在授权标头中将承载添加到令牌中,例如:
'Bearer TOKEN_VALUE' “承载者TOKEN_VALUE”
Actually adding some data in header converts POST request to OPTIONS. 实际上,在标头中添加一些数据会将POST请求转换为OPTIONS。 So that, it will fire to requests:
这样,它将触发请求:
1) with OPTIONS method 1)使用OPTIONS方法
2) After getting a successfull response for OPTIONS request, the actual API call will occur. 2)获得对OPTIONS请求的成功响应后,将发生实际的API调用。
To handle CORS you should use this in the backend. 要处理CORS,您应该在后端使用它 。
Just to throw some light to the problem. 只是为了阐明问题。 Some browsers will do a "preflight" check to your endpoint.
某些浏览器会对终端进行“预检”检查。 That means that will invoke your endpoint with OPTIONS method before making the POST method call you expect.
这意味着在进行您期望的POST方法调用之前,将使用OPTIONS方法调用端点。 In AWS, go to API Gateway and create a new resource , check the option to Create Options, that will create the default response headers that you need to add to your endpoint.
在AWS中,转到API Gateway并创建一个新资源,选中“创建选项”选项,这将创建您需要添加到端点的默认响应标头。
Thank you, guys. 感谢大伙们。 I've upvoted your answers/suggestions .
我已对您的回答/建议表示赞同 。 I'm sure they're helpful in most cases.
我确信他们在大多数情况下都会有所帮助。 I've figured out why I had that error.
我已经弄清楚为什么会出现该错误。
My bad: I have both resources like this: 我的坏处:我同时拥有两种资源:
/notes/ (method: any)
/notes/{noteid} (method: any)
and the Invoke URL is literally <path>/notes/{noteid}
(with the {}
included in the string) in AWS API Gateway. 并且Invoke URL实际上是AWS API Gateway中的
<path>/notes/{noteid}
(字符串中包含{}
)。 I was assuming it'd be something like /notes/:noteid
我以为它会像
/notes/:noteid
So the frontend code should be like this: 因此前端代码应如下所示:
return API.post("notes", "/notes/{noteid}", {...}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.