使用标头调用时无法访问 lambda function
[英]Not able to access lambda function when invoked with headers
问题描述
I am using serverless for creating and deploying my lambda functions.
我正在使用无服务器来创建和部署我的 lambda 函数。 I am using Node.js - HTTP API template from serverless.我正在使用来自无服务器的Node.js - HTTP API模板。 I have created few lambda functions and deployed them using command sls deploy .我创建了几个 lambda 函数并使用命令sls deploy部署了它们。 The functions were deployed successfully and I am able to query lambda function response using postman.功能已成功部署,我可以使用 postman 查询 lambda function 响应。
But, when I want to invoke same lambda function through my React webapp (using axios) it is throwing me A CORS Error if I included any headers.但是,当我想通过我的 React webapp(使用 axios)调用相同的 lambda function 时,如果我包含任何标头,它会抛出一个CORS Error 。
For ex.对于前。 I want to send Authorization token in header or Content-type as json in header. Any of this doesn't worked.我想在 header 中发送Authorization令牌,或者在 header 中发送Content-type为json这些都不起作用。
After this, I have added following headers in my lambda function response在此之后,我在 lambda function 响应中添加了以下标头
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Credentials": true,
After this, in AWS API Gateway console, I have configured CORS with wildcard origin and allowed All HTTP methods.在此之后,在 AWS API 网关控制台中,我配置了 CORS 和通配符来源,并允许所有 HTTP 方法。 After deploying this setup It's still doesn't worked.部署此设置后它仍然不起作用。
I have also tried tweaking my serverless.yml file but my bad it didn't worked either我也试过调整我的serverless.yml文件,但我的不好,它也没有用
4 个解决方案
解决方案1
2 已采纳 2022-11-13 03:12:36
I also stumbled across this issue when I was working with serverless.我在使用无服务器时也偶然发现了这个问题。 I initiated the project using serverless and then selected the template as Node.js - HTTP API .我使用serverless启动项目,然后选择模板为Node.js - HTTP API 。
Everything is working as expected in postman but not in my FE which is built using Angular 10.在 postman 中一切都按预期工作,但在我使用 Angular 10 构建的 FE 中却没有。
But, then I came across the Node.js - Express template provided by serverless.但是,然后我遇到了Node.js - Express template 。
It contains bare minimum Express.js code, with availability of configuring CORS as dependency just like classical Node.js server.它包含最少的Express.js代码,可以将 CORS 配置为依赖项,就像经典Node.js服务器一样。
I have tried it and it worked like a charm !!!我已经尝试过了,它就像一个魅力!
But, Before using it keep in mind但是,在使用它之前请记住
- It will deploy a whole
Node.jsserver as a single lambda function.它将整个Node.js服务器部署为单个 lambda function。 - Means, all the API's will be inside a single lambda and not as one lambda one API意味着,所有的 API 都将在一个 lambda 中,而不是一个 lambda 一个 API
- It will enable manual configuration of CORS它将启用 CORS 的手动配置
解决方案2
1 2022-11-11 17:50:31
If you want default setting, adding the following snippet should do the trick:如果您想要默认设置,添加以下代码片段应该可以解决问题:
provider:
httpApi:
cors: true
For more detailed cors settings (and also for reference what the shortcut above will do), please refer to: https://www.serverless.com/framework/docs/providers/aws/events/http-api#cors-setup更详细cors设置(以及参考上面快捷方式的作用),请参考: https://www.serverless.com/framework/docs/providers/aws/events/http-api#cors-setup
解决方案3
0 2022-11-11 10:50:27
In the AWS API Gateway console, under CORS tab you have to allow the relevant headers under Access-Control-Allow-Headers在AWS API 网关控制台中,在CORS选项卡下,您必须允许Access-Control-Allow-Headers下的相关标头
解决方案4
0 2022-11-14 00:57:56
The settings that you have provided is not compliant with CORS specifications.您提供的设置不符合 CORS 规范。 In order to allow your client to send credentials, Access-Control-Allow-Credentials header has to be set to true .为了允许您的客户端发送凭据,必须将Access-Control-Allow-Credentials header 设置为true 。 You have done this step correctly.您已正确完成此步骤。 But if you are setting it to true , your Access-Control-Allow-Origin can't be wildcard * .但是,如果您将其设置为true ,则您的Access-Control-Allow-Origin 不能是通配符* 。 It has to be the specific domain.它必须是特定域。 One way to solve your issue is to:解决问题的一种方法是:
- Create a lambda, which is attached to
OPTIONSmethod of your API gateway route.创建一个 lambda,它附加到您的 API 网关路由的OPTIONS方法。 This lambda should return a header (only if request comes from your own domain. check it in your lambda logic)此 lambda 应返回 header(仅当请求来自您自己的域时。在您的 lambda 逻辑中检查它)
"Access-Control-Allow-Origin": "your_frontend_domain_name",
"Access-Control-Allow-Credentials": true,
"Access-Control-Allow-Methods": "POST,DELETE,OPTIONS,GET" (Add only those methods that you need)
Refer to this SO for steps involved有关涉及的步骤,请参阅此 SO
- Add the headers mentioned above in your main lambda function which handles the business logic.在处理业务逻辑的主 lambda function 中添加上述标头。 Again ensure that the backend received the request from appropriate frontend.再次确保后端收到来自适当前端的请求。
- Remove CORS configuration that you set manually on your API gateway.删除您在 API 网关上手动设置的 CORS 配置。
You can refer to this SO post to implement the header setting and caveats on doing it this way.您可以参考这篇 SO 帖子来实现 header 设置,并注意这样做的注意事项。
Why OPTIONS is needed?为什么需要OPTIONS ? - Depending upon the API call, browser will trigger a preflight request before making the actual API call. - 根据 API 调用,浏览器将在进行实际 API 调用之前触发预检请求。 This comes as an OPTIONS request to your API gateway and it should return correct headers for your browser to make the actual call.这是对您的 API 网关的OPTIONS请求,它应该为您的浏览器返回正确的标头以进行实际调用。 For understanding this process better refer to this MDN article为了更好地理解这个过程,请参考这篇MDN 文章
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.