
How to allow set-cookie to be sent in AWS HTTP API Gateway?

Note: This question is not about AWS REST API Gateway, this question is about AWS HTTP API Gateway.

My AWS HTTP API Gateway does not allow cookies to be passed. I am using:

  1. express.js app on server hosted on ECS
  2. Have set cors as follows:

On HTTP API Gateway: [screenshot of the gateway CORS configuration; image not included]

On the express.js server I have configured cors in the following way, in app.js:

const cors = require("cors");
// Allow credentialed (cookie-bearing) cross-origin requests
app.use(cors({
    credentials: true
}));

The response to requests is sent in the following way:

const options = {
    maxAge: 900000,   // cookie lifetime in milliseconds (15 minutes)
    httpOnly: true,   // not readable from page scripts
    secure: true,     // only sent over HTTPS
    sameSite: 'none'  // required for a cross-site cookie (needs secure: true)
};

res.status(200)
    .cookie("accessToken", accessToken, options)
    .json({});

When I remove HTTP API Gateway from being in between client and server, the client is receiving cookies properly. But when calls are made to API Gateway, the response is throwing the following error:

**Access to fetch at 'https://api.*****.**/login' from origin 'https://cookie.*****.**' has been blocked by CORS policy: Request header field custom_field_name is not allowed by Access-Control-Allow-Headers in preflight response.**

How do I resolve this error?

Here is the preflight request and its response from developer console > network:

GENERAL

Request URL: https://api.*****.**/login
Request Method: OPTIONS
Status Code: 204 
Remote Address: [64:ff9b::306:a6f7]:443
Referrer Policy: strict-origin-when-cross-origin

RESPONSE HEADERS

access-control-allow-headers: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
Access-Control-Allow-Origin: https://cookie.*****.**
access-control-max-age: 0
apigw-requestid: CIlgSiwhBcwEJyQ=
date: Thu, 08 Jul 2021 04:45:02 GMT

REQUEST HEADERS

:authority: api.*****.**
:method: OPTIONS
:path: /login
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
access-control-request-headers: custom_field_name,content-type
access-control-request-method: POST
origin: https://cookie.*****.**
referer: https://cookie.*****.**/
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors-console.html

Read point number 5 about Access-Control-Allow-Headers.

That field has the list of allowed headers that you can pass through. You just need to add set-cookie to that list.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
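Added example, not from the question or the answer: a Python model of the checks a browser applies to a CORS preflight response (per the Fetch standard), run over the preflight captured in the question. It assumes the page calls fetch() with credentials: "include" (needed for the browser to store the cookie), and the corrected gateway response values are an assumption.

```python
from typing import Dict, List

SAFELISTED_METHODS = {"get", "head", "post"}  # CORS-safelisted: never need listing

def _csv(value: str) -> List[str]:
    return [v.strip().lower() for v in value.split(",") if v.strip()]

def preflight_problems(request: Dict[str, str], response: Dict[str, str],
                       credentials: bool = True) -> List[str]:
    """Reasons a browser rejects this preflight ([] means allowed), per the Fetch
    standard: Allow-Origin must echo Origin ('*' only works without credentials),
    Allow-Credentials must be 'true' for a credentialed fetch, and '*' in
    Allow-Methods / Allow-Headers is a literal token, not a wildcard, once
    credentials are included (it never covers Authorization either)."""
    req = {k.lower(): v.strip() for k, v in request.items()}
    res = {k.lower(): v.strip() for k, v in response.items()}
    problems: List[str] = []
    origin = req.get("origin", "")
    allow_origin = res.get("access-control-allow-origin", "")
    if allow_origin != origin and not (allow_origin == "*" and not credentials):
        problems.append(f"origin {origin} not allowed by Access-Control-Allow-Origin")
    if credentials and res.get("access-control-allow-credentials", "").lower() != "true":
        problems.append("Access-Control-Allow-Credentials: true is missing")
    wildcard_ok = not credentials  # '*' is only a wildcard for non-credentialed fetches
    methods = _csv(res.get("access-control-allow-methods", ""))
    method = req.get("access-control-request-method", "").lower()
    if (method not in methods and method not in SAFELISTED_METHODS
            and not (wildcard_ok and "*" in methods)):
        problems.append(f"method {method} not allowed by Access-Control-Allow-Methods")
    allowed = _csv(res.get("access-control-allow-headers", ""))
    for name in _csv(req.get("access-control-request-headers", "")):
        covered = wildcard_ok and "*" in allowed and name != "authorization"
        if name not in allowed and not covered:
            problems.append(f"request header {name} not allowed by Access-Control-Allow-Headers")
    return problems

# Constructed from the preflight captured in the question (domain masked as on the page).
CAPTURED_REQUEST = {"origin": "https://cookie.*****.**",
                    "access-control-request-method": "POST",
                    "access-control-request-headers": "custom_field_name,content-type"}
CAPTURED_RESPONSE = {"access-control-allow-headers": "*",
                     "Access-Control-Allow-Methods": "GET, PUT, POST, DELETE, HEAD, OPTIONS",
                     "Access-Control-Allow-Origin": "https://cookie.*****.**"}
# Assumed corrected gateway CORS configuration: explicit header list plus credentials.
FIXED_RESPONSE = {"Access-Control-Allow-Origin": "https://cookie.*****.**",
                  "Access-Control-Allow-Credentials": "true",
                  "Access-Control-Allow-Methods": "POST, OPTIONS",
                  "Access-Control-Allow-Headers": "content-type, custom_field_name"}
```

Set-Cookie itself is a response header, so listing it in Access-Control-Allow-Headers does not change the preflight outcome; the captured response passes only for a non-credentialed fetch, and a credentialed one additionally needs Access-Control-Allow-Credentials: true and every non-safelisted request header named explicitly.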
