[英]Not able to access lambda function when invoked with headers
I am using serverless for creating and deploying my lambda functions.我正在使用无服务器来创建和部署我的 lambda 函数。 I am using
Node.js - HTTP API
template from serverless.我正在使用来自无服务器的
Node.js - HTTP API
模板。 I have created few lambda functions and deployed them using command sls deploy
.我创建了几个 lambda 函数并使用命令
sls deploy
部署了它们。 The functions were deployed successfully and I am able to query lambda function response using postman.功能已成功部署,我可以使用 postman 查询 lambda function 响应。
But, when I want to invoke same lambda function through my React webapp (using axios) it is throwing me A CORS Error
if I included any headers.但是,当我想通过我的 React webapp(使用 axios)调用相同的 lambda function 时,如果我包含任何标头,它会抛出一个
CORS Error
。
For ex.对于前。 I want to send
Authorization
token in header or Content-type
as json
in header. Any of this doesn't worked.我想在 header 中发送
Authorization
令牌,或者在 header 中发送Content-type
为json
这些都不起作用。
After this, I have added following headers in my lambda function response在此之后,我在 lambda function 响应中添加了以下标头
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Credentials": true,
After this, in AWS API Gateway console, I have configured CORS with wildcard origin and allowed All HTTP methods.在此之后,在 AWS API 网关控制台中,我配置了 CORS 和通配符来源,并允许所有 HTTP 方法。 After deploying this setup It's still doesn't worked.
部署此设置后它仍然不起作用。
I have also tried tweaking my serverless.yml
file but my bad it didn't worked either我也试过调整我的
serverless.yml
文件,但我的不好,它也没有用
I also stumbled across this issue when I was working with serverless.我在使用无服务器时也偶然发现了这个问题。 I initiated the project using
serverless
and then selected the template as Node.js - HTTP API
.我使用
serverless
启动项目,然后选择模板为Node.js - HTTP API
。
Everything is working as expected in postman but not in my FE which is built using Angular 10.在 postman 中一切都按预期工作,但在我使用 Angular 10 构建的 FE 中却没有。
But, then I came across the Node.js - Express template
provided by serverless.但是,然后我遇到了
Node.js - Express template
。
It contains bare minimum Express.js
code, with availability of configuring CORS as dependency just like classical Node.js
server.它包含最少的
Express.js
代码,可以将 CORS 配置为依赖项,就像经典Node.js
服务器一样。
I have tried it and it worked like a charm !!!我已经尝试过了,它就像一个魅力!
But, Before using it keep in mind
但是,在使用它之前请记住
Node.js
server as a single lambda function.Node.js
服务器部署为单个 lambda function。 If you want default setting, adding the following snippet should do the trick:如果您想要默认设置,添加以下代码片段应该可以解决问题:
provider:
httpApi:
cors: true
For more detailed cors
settings (and also for reference what the shortcut above will do), please refer to: https://www.serverless.com/framework/docs/providers/aws/events/http-api#cors-setup更详细
cors
设置(以及参考上面快捷方式的作用),请参考: https://www.serverless.com/framework/docs/providers/aws/events/http-api#cors-setup
The settings that you have provided is not compliant with CORS specifications.您提供的设置不符合 CORS 规范。 In order to allow your client to send credentials,
Access-Control-Allow-Credentials
header has to be set to true
.为了允许您的客户端发送凭据,必须将
Access-Control-Allow-Credentials
header 设置为true
。 You have done this step correctly.您已正确完成此步骤。 But if you are setting it to
true
, your Access-Control-Allow-Origin
can't be wildcard *
.但是,如果您将其设置为
true
,则您的Access-Control-Allow-Origin
不能是通配符*
。 It has to be the specific domain.它必须是特定域。 One way to solve your issue is to:
解决问题的一种方法是:
OPTIONS
method of your API gateway route.OPTIONS
方法。 This lambda should return a header (only if request comes from your own domain. check it in your lambda logic) "Access-Control-Allow-Origin": "your_frontend_domain_name",
"Access-Control-Allow-Credentials": true,
"Access-Control-Allow-Methods": "POST,DELETE,OPTIONS,GET" (Add only those methods that you need)
Refer to this SO for steps involved有关涉及的步骤,请参阅此 SO
You can refer to this SO post to implement the header setting and caveats on doing it this way.您可以参考这篇 SO 帖子来实现 header 设置,并注意这样做的注意事项。
Why OPTIONS
is needed?为什么需要
OPTIONS
? - Depending upon the API call, browser will trigger a preflight request before making the actual API call. - 根据 API 调用,浏览器将在进行实际 API 调用之前触发预检请求。 This comes as an
OPTIONS
request to your API gateway and it should return correct headers for your browser to make the actual call.这是对您的 API 网关的
OPTIONS
请求,它应该为您的浏览器返回正确的标头以进行实际调用。 For understanding this process better refer to this MDN article为了更好地理解这个过程,请参考这篇MDN 文章
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.