How to allow set-cookie to be sent in AWS HTTP API Gateway?
Note: This question is not about AWS REST API Gateway; this question is about AWS HTTP API Gateway.
My AWS HTTP API Gateway does not allow cookies to be passed. I am using
On HTTP API Gateway:
On the express.js server I have configured cors in the following way: In app.js
const express = require("express");
const cors = require("cors");
const app = express();
// Allow credentialed (cookie-carrying) cross-origin requests
app.use(cors({
  credentials: true
}));
The responses to requests are sent in the following way:
// Cookie attributes for the access token
const options = {
  maxAge: 900000, // 15 minutes, in milliseconds
  httpOnly: true,
  secure: true,
  sameSite: 'none'
};
res.status(200)
  .cookie("accessToken", accessToken, options)
  .json({});
When I remove HTTP API Gateway from being in between client and server, the client is receiving cookies properly. But when calls are made to API Gateway, the response is throwing the following error:
**Access to fetch at 'https://api.*****.**/login' from origin 'https://cookie.*****.**' has been blocked by CORS policy: Request header field custom_field_name is not allowed by Access-Control-Allow-Headers in preflight response.**
^ How do I resolve this error?
GENERAL
Request URL: https://api.*****.**/login
Request Method: OPTIONS
Status Code: 204
Remote Address: [64:ff9b::306:a6f7]:443
Referrer Policy: strict-origin-when-cross-origin
RESPONSE HEADERS
access-control-allow-headers: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
Access-Control-Allow-Origin: https://cookie.*****.**
access-control-max-age: 0
apigw-requestid: CIlgSiwhBcwEJyQ=
date: Thu, 08 Jul 2021 04:45:02 GMT
REQUEST HEADERS
:authority: api.*****.**
:method: OPTIONS
:path: /login
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
access-control-request-headers: custom_field_name,content-type
access-control-request-method: POST
origin: https://cookie.*****.**
referer: https://cookie.*****.**/
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors-console.html
Read point number 5 about Access-Control-Allow-Headers.
That field has the list of allowed headers that you can pass through. You just need to add set-cookie to that list.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
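Added example (not part of the original question or answer): a simplified model of the Access-Control-Allow-Headers step that a browser applies to a preflight response under the Fetch standard, run against the header values captured in the question. It assumes the client sends the request with credentials (for example `fetch(url, { credentials: 'include' })`), which the question does not show; `blockedRequestHeaders` and `fixedResponse` are hypothetical names.

```javascript
// Split a comma-separated header value into lower-cased names.
function parseList(value) {
  return (value || "")
    .split(",")
    .map((s) => s.trim().toLowerCase())
    .filter(Boolean);
}

// Returns the requested header names that the preflight response does NOT allow.
// credentialed: true when the real request carries cookies (assumption, see lead-in).
function blockedRequestHeaders(preflightRequest, preflightResponse, credentialed) {
  const requested = parseList(preflightRequest["access-control-request-headers"]);
  const allowed = parseList(preflightResponse["access-control-allow-headers"]);
  // "*" is a wildcard only for requests without credentials; with credentials
  // it is compared as a literal header name and matches nothing useful.
  const wildcard = !credentialed && allowed.includes("*");
  return requested.filter((name) => {
    if (allowed.includes(name)) return false;
    // Authorization is never covered by the wildcard.
    if (name === "authorization") return true;
    return !wildcard;
  });
}

// Values copied from the OPTIONS exchange captured in the question.
const capturedRequest = {
  "access-control-request-headers": "custom_field_name,content-type",
};
const capturedResponse = {
  "access-control-allow-headers": "*",
};
// Constructed alternative: the gateway lists the request headers explicitly.
const fixedResponse = {
  "access-control-allow-headers": "custom_field_name, content-type",
};

console.log("captured, with credentials:",
  blockedRequestHeaders(capturedRequest, capturedResponse, true));
console.log("captured, without credentials:",
  blockedRequestHeaders(capturedRequest, capturedResponse, false));
console.log("explicit list, with credentials:",
  blockedRequestHeaders(capturedRequest, fixedResponse, true));
```

With credentials, the first blocked name for the captured exchange is `custom_field_name`, the header named in the browser error quoted in the question.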