[英]Unable to set Access-Allow-Control-Origin in AWS api-gateway for CORS - returns invalid format error
I am having trouble with setting up CORS on AWS API-Gateway.我在 AWS API-Gateway 上设置 CORS 时遇到问题。
To provide a bit of background, CORS on API_gateway supports 6 fields as below.为了提供一些背景知识,API_gateway 上的 CORS 支持如下 6 个字段。
Access-Allow-Control-Origin - supports 'https://www.example.com'
, '*'
, 'https://*'
, and 'http://*'
Access-Allow-Control-Origin - 支持
'https://www.example.com'
、 '*'
、 'https://*'
和'http://*'
I got this from https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-cors.html我从https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-cors.html得到这个
When I try '*'
and 'https://www.domain-name.com'
, I get the following errors:当我尝试
'*'
和'https://www.domain-name.com'
,出现以下错误:
I am not sure what format to follow.我不确定要遵循什么格式。 Also, the
'*'
seems to be referenced in various links.此外,似乎在各种链接中都引用了
'*'
。
Any help greatly appreciated.非常感谢任何帮助。
If you have enabled cors on your api gateway, the next place to look is the application code such as lambda.如果您在 api 网关上启用了 cors,那么接下来要看的地方是 lambda 等应用程序代码。
Make sure the Lambda is returning the correct cross origin headers in both successful and failure scenarios.确保 Lambda 在成功和失败的情况下都返回正确的跨源标头。 please check if your code is returning cross origin headers all the time.
请检查您的代码是否一直在返回跨源头。
To troubleshoot,要排除故障,
Method 1: Check if the request is reaching the lambda from the cloud watch logs.方法一:从云监控日志中检查请求是否到达了lambda。 You can find some useful information such as exceptions thrown by the code.
您可以找到一些有用的信息,例如代码抛出的异常。
Method 2: Point the Api gateway target to the Mock integration type.方法二:将Api网关目标指向Mock集成类型。 If the mock integration works, then the problem is the application code.
如果模拟集成有效,那么问题在于应用程序代码。 otherwise the problem is in your api gateway end point.
否则问题出在您的 api 网关端点。
Also note that any headers you use should be white listed in the Access-Control-Allow-headers section when you enable to cors for your method/resource.另请注意,当您为方法/资源启用 cors 时,您使用的任何标头都应在 Access-Control-Allow-headers 部分中列入白名单。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.