使用 AWS API Gateway 时出现错误“访问控制允许来源”
[英]Error 'Access-Control-Allow-Origin' using AWS API Gateway
问题描述
I am trying to make an $ajax request (POST) from my client-side (javascript/browser) to my API (python/flask) through AWS API Gateway.
我正在尝试通过 AWS API Gateway 从我的客户端(javascript/浏览器)向我的 API(python/flask)发出$ajax请求(POST)。 However, I get an error : No 'Access-Control-Allow-Origin' .但是,我收到一个错误: No 'Access-Control-Allow-Origin' 。
I have no problem when I request my API from postman .当我从postman请求我的 API 时,我没有问题。
I cannot enable option jsonp in ajax on my client side since it doesn't work at all.我无法在客户端的 ajax 中启用选项jsonp ,因为它根本不起作用。
So, I've tried to enable cors on API Gateway but my route is a http proxy integration (Method ANY) so according to AWS Docs, I have to enable Cors in the app itself.因此,我尝试在 API Gateway 上启用 cors,但我的路由是http proxy integration (方法 ANY),因此根据 AWS Docs,我必须在应用程序本身中启用 Cors。 So, I did it but that didn't fix the problem.所以,我做到了,但这并没有解决问题。
In my python/flask app i added this:在我的 python/flask 应用程序中,我添加了这个:
@app.after_request
def add_headers(response):
response.headers.add('Access-Control-Allow-Origin', '*')
response.headers.add('Access-Control-Allow-Headers', 'Content-Type,Authorization')
return response
But it still doesn't work.但它仍然不起作用。
Any suggestion ?有什么建议吗?
2 个解决方案
解决方案1
-1 2022-05-26 20:11:25
I believe you have a CORS error issue.我相信你有一个 CORS 错误问题。
First, go to your API Gateway and go to your resource, for example /books , then click on Actions and click activate the CORS like this:首先,转到您的 API 网关并转到您的资源,例如/books ,然后单击操作并单击激活 CORS,如下所示:
Then fill all the options like this:然后像这样填写所有选项:
The Access-Control-Allow-Headers should have this: 'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token' Access-Control-Allow-Headers 应该有这个: 'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'
Also in the response of your python code you should add this too:同样在你的python代码的响应中,你也应该添加这个:
"Access-Control-Allow-Methods", "*"
Just remember the * is usually used on dev, but you should add the domain where the request will come to the API请记住 * 通常在 dev 上使用,但您应该添加请求将到达 API 的域
解决方案2
-1 2022-05-27 09:10:19
Instead of using '*' , try to set set the effective origin to the Access-Control-Allow-Origin header.尝试将有效来源设置为Access-Control-Allow-Origin标头,而不是使用'*' 。
response.headers.add('Access-Control-Allow-Origin', request.headers.origin)
response.headers.add('Access-Control-Allow-Methods', 'GET, PUT, POST, DELETE');
For most headers, the value
'*'only counts as a special wildcard value for requests without credentials (requests withoutHTTPcookies orHTTPauthentication information).'*'仅算作没有凭据的请求(没有HTTPcookie 或HTTP身份验证信息的请求)的特殊通配符值。see Access-Control-Allow-Origin , Access-Control-Allow-Headers , Access-Control-Allow-Methods etc.
According to CORS and caching , you may also have to add the following header.根据CORS 和缓存,您可能还必须添加以下标头。
response.headers.add('Vary', 'Origin')
Further you may have to define xhrFields.withCredentials: true when submitting the request with $.ajax() .此外,您可能必须在使用$.ajax()提交请求时定义xhrFields.withCredentials: true 。
$.ajax({
url: a_cross_domain_url,
xhrFields: {
withCredentials: true
}
...
});
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.