Post method with lambda authorizer functional in postman but in front end gives 403 error
I am trying to post a slot through a form. Only people who specify the correct access token can post a slot. But even when I enter the correct access token, it gives me error 403 and tells me I am "forbidden". When I test in Postman the POST method works. When testing in the front end it doesn't.
Error in console CORS configuration
JavaScript code to add slot
    function addSlots() {
        var response = "";
        var jsonData = new Object();
        jsonData.restaurant_name_date_time = document.getElementById("date_time_slot").value;
        jsonData.number_of_pax = document.getElementById("number_of_pax_2").value;
        jsonData.restaurant_name = document.getElementById("restaurant_name_slot").value;
        // validate the access token
        var access_token = document.getElementById("access_token").value;
        console.log(jsonData.restaurant_name_date_time)
        console.log(jsonData.number_of_pax)
        console.log(jsonData.restaurant_name)
        console.log(access_token)
        var request = new XMLHttpRequest();
        request.open("POST", "https://aba3bnzddd.execute-api.us-east-1.amazonaws.com/slots", true);
        request.setRequestHeader("Authorization", "Bearer " + access_token);
        console.log(access_token)
        request.onload = function () {
            response = JSON.parse(request.responseText);
            console.log(response)
            if (response.message == "slot added") {
                alert('Congrats! You have succesfully added a slot');
            } else if (response.message == "forbidden") {
                alert('Invalid token. Please enter a valid access token.');
            } else {
                alert('Error. Unable to add slot.');
            }
        };
        request.send(JSON.stringify(jsonData));
    }
Lambda Authorizer Code
    import json

    def lambda_handler(event, context):
        if event['headers']['authorization'] == 'secretcode':
            response = {
                "isAuthorized": True,
                "context": {
                    "anyotherparam": "values"
                }
            }
            return response
        else:
            response = {
                "isAuthorized": False,
                "context": {
                    "anyotherparam": "values"
                }
            }
            return response
API Gateway will not attempt to execute your handler lambda if the authorization header it was told to expect is not present in the request, and you'll get a forbidden response.
In your authorizer lambda, it looks like you're expecting the header with a lowercase letter "a" but you're sending a request with an uppercase letter "A". It may be case sensitive, so check that.
Other things to check:
edit
I just noticed the value of the authorization header is "Bearer " + access_token but your authorizer is checking for the secret code without the Bearer prefix. You may have obfuscated that intentionally, but if that's the actual code then it'll never match.
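One way to write the authorizer so that neither the header-name case nor the "Bearer " prefix raised in the answer above causes a mismatch, as an added example that is not code from the original post. It keeps the simple response shape used in the question's authorizer and assumes a hypothetical EXPECTED_TOKEN environment variable (defaulting to the page's placeholder "secretcode"); the sample events are constructed.

```python
import hmac
import os

# Assumption: the expected token comes from a hypothetical EXPECTED_TOKEN
# environment variable; "secretcode" is the placeholder value from the page.
EXPECTED_TOKEN = os.environ.get("EXPECTED_TOKEN", "secretcode")


def extract_bearer_token(headers):
    """Return the token from an Authorization header, or None if absent or malformed."""
    for name, value in (headers or {}).items():
        # Header names are matched without regard to case.
        if name.lower() == "authorization":
            scheme, _, token = (value or "").strip().partition(" ")
            if scheme.lower() == "bearer" and token.strip():
                return token.strip()
            return None  # header present but not "Bearer <token>"
    return None


def lambda_handler(event, context):
    token = extract_bearer_token(event.get("headers"))
    # compare_digest avoids leaking how many leading characters matched.
    ok = token is not None and hmac.compare_digest(
        token.encode(), EXPECTED_TOKEN.encode()
    )
    return {"isAuthorized": ok, "context": {"anyotherparam": "values"}}


# Constructed sample events (not captured from a real API).
SAMPLE_EVENTS = {
    "browser": {"headers": {"authorization": "Bearer " + EXPECTED_TOKEN}},
    "mixed_case": {"headers": {"Authorization": "bearer " + EXPECTED_TOKEN}},
    "no_scheme": {"headers": {"authorization": EXPECTED_TOKEN}},
    "wrong_token": {"headers": {"authorization": "Bearer " + EXPECTED_TOKEN + "x"}},
    "missing": {"headers": {}},
}

if __name__ == "__main__":
    for label, ev in SAMPLE_EVENTS.items():
        print(label, lambda_handler(ev, None)["isAuthorized"])
```

With this version a request that sends the bare token without the "Bearer " scheme is denied, so every client has to send the header in the same form.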