![](/img/trans.png)
[英]Extract information of request in response mediator in wso2 apim 4.1.0
[英]Include CORS Headers in WSO2 APIM 4.0.0 Token API Response
大家早上好。
I am working witn WSO2 APIM 4.0.0 using WSO2 IS 5.11.0 as Key Manager, when a WSO2 APIM hosted api is called from frontend application, the following error appears in developer's console on the web browser:
Access to XMLHttpRequest at 'https://apim.mydomain/oauth2/token' from origin 'https://frontendapp.mydomain' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
從 Postman 向https://apim.mydomain/oauth2/token
(WSO2 APIM 令牌 API)發出令牌請求,實際上響應中缺少 Access-Control-Allow-Origin。 一些博客和 wso2 文檔建議在令牌 API 中包含 CORSRequestHandler 處理程序,我是這樣做的:
[apim.sync_runtime_artifacts.gateway.skip_list]
apis = ["_OpenService_.xml","_RevokeAPI_.xml", "_TokenAPI_.xml"]
_TokenApi_.xml
文件到 wso2am-4.0.0/repository/deployment/server/synapse-configs/default/api 路徑,代碼如下:
<?xml version="1.0" encoding="UTF-8"?><api xmlns="http://ws.apache.org/ns/synapse" name="_WSO2AMTokenAPI_" context="/oauth2/token" binds-to="default">
<resource methods="POST" binds-to="default" url-mapping="/*" faultSequence="_token_fault_">
<inSequence>
<property name="uri.var.portnum" expression="get-property('keyManager.port')"/>
<property name="uri.var.hostname" expression="get-property('keyManager.hostname')"/>
<send>
<endpoint>
<http uri-template="https://{uri.var.hostname}:{uri.var.portnum}/oauth2/token">
<timeout>
<duration>60000</duration>
<responseAction>fault</responseAction>
</timeout>
</http>
</endpoint>
</send>
</inSequence>
<outSequence>
<send/>
</outSequence>
</resource>
<handlers>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerCacheExtensionHandler"/>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.common.SynapsePropertiesHandler"/>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler">
<property name="apiImplementationType" value="ENDPOINT"/>
<property name="allowHeaders" value="authorization,Access-Control-Allow-Origin,Content-Type"/>
<property name="allowedOrigins" value="*"/>
<property name="allowedMethods" value="GET,PUT,POST,DELETE,PATCH,OPTIONS"/>
</handler>
</handlers>
</api>
[cors]
allow_generic_http_requests = true
allow_any_origin = true
allowed_origins = []
allow_subdomains = false
supported_methods = [
"GET",
"POST",
"HEAD",
"OPTIONS"
]
support_any_header = true
supported_headers = []
exposed_headers = ["Location","authorization","Access-Control-Allow-Origin","Content-Type"]
supports_credentials = true
max_age = 3600
tag_requests = false
但它仍然沒有工作,來自 WSO2 APIM 令牌 API 的響應不包括 Access-Control-Allow-Origin header
關於如何在新的 WSO2 令牌 API 中啟用 CORSRequestHandler 處理程序並包含所需的 Access-Control-Allow-Origin header 的任何線索?
最好的問候和謝謝
參考文獻: https://github.com/wso2/product-apim/issues/7230 https://medium.com/@suhanr/enable-cors-for-token-api-in-wso2-api-manger-so- that-your-react-app-can-generate-renew-8b45f246a3f2
理想情況下,CORS “Access-Control-Allow-Origin: xyz”l header 需要在啟動 API 請求的應用程序中完成。 因此,您能否在通過 JavaScript 調用 API 的主頁上添加具有 API 管理器和 IS 域名的標頭。
此外,沒有 tld 的主機名(例如 mydomain)表現得很奇怪,所以您可以嘗試使用“mydomain.com”之類的名稱或類似名稱。
請參閱Mozilla上的文章。
例如訪問控制允許來源:*.mydomain.com
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.