在为 Lambda 函数启用 CORS 后,在 Chrome 中被 CORS 策略阻止?
Blocked by CORS policy in Chrome after enabling CORS for Lambda Function?
我在 these instructions 之后的 Lambda 函数的控制台中启用了 CORS。
API 也是一个为所有方法启用 CORS 的快速服务器:
// Enable CORS for all methods
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*")
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept")
next()
});
但是浏览器仍然阻止请求,因为它没有收到 Access-Control-Allow-Origin header。这是完整的消息:
home:1 Access to XMLHttpRequest at 'https://szxjza7hz5.execute-api.us-east-1.amazonaws.com/loco/myendpoint' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
我们如何解决这个问题?
说明中的测试方法提供了这样的 curl 命令:
curl -v -X OPTIONS -H "Access-Control-Request-Method: POST" -H "Origin: http://localhost:4200" https://szxjza7hz5.execute-api.us-east-1.amazonaws.com/loco
但是由于缺少身份验证令牌而失败:
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 403
< content-type: application/json
< content-length: 42
< date: Wed, 19 Feb 2020 01:45:47 GMT
< x-amzn-requestid: a529894d-19ff-4c95-915b-45c4098d30ea
< x-amzn-errortype: MissingAuthenticationTokenException
< x-amz-apigw-id: IHvz3Fp_IAMF43g=
< x-cache: Error from cloudfront
< via: 1.1 58e86c1faaee1b15c90e95d794e240dd.cloudfront.net (CloudFront)
< x-amz-cf-pop: ORD51-C3
< x-amz-cf-id: jyTAo6OUrhUWWVNOSdk6M0384K515YzE0V9Vgg-WhfXXkLDzLofr9Q==
<
* Connection #0 to host szxjza7hz5.execute-api.us-east-1.amazonaws.com left intact
{"message":"Missing Authentication Token"}
尝试将这些字段添加到响应中 header:
const response = {
headers: {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Credentials" : true,
},
body: "...",
statusCode: 200
}
如果不在更新后重新部署 API,您也可能会遇到同样的错误。尝试按如下方式重新部署它:
我在 运行 更新 API 时犯了一个错误。我认为如果我向 express 服务器添加另一个端点 amplify push 会选择并部署它。
我们需要 运行 amplify update API 才能创建新端点。因此,当我对我认为存在的端点进行 API 调用时,它没有通过预检检查,因为没有端点 ...
我在 these instructions 之后的 Lambda 函数的控制台中启用了 CORS。
API 也是一个为所有方法启用 CORS 的快速服务器:
// Enable CORS for all methods
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*")
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept")
next()
});
但是浏览器仍然阻止请求,因为它没有收到 Access-Control-Allow-Origin header。这是完整的消息:
home:1 Access to XMLHttpRequest at 'https://szxjza7hz5.execute-api.us-east-1.amazonaws.com/loco/myendpoint' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
我们如何解决这个问题?
说明中的测试方法提供了这样的 curl 命令:
curl -v -X OPTIONS -H "Access-Control-Request-Method: POST" -H "Origin: http://localhost:4200" https://szxjza7hz5.execute-api.us-east-1.amazonaws.com/loco
但是由于缺少身份验证令牌而失败:
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 403
< content-type: application/json
< content-length: 42
< date: Wed, 19 Feb 2020 01:45:47 GMT
< x-amzn-requestid: a529894d-19ff-4c95-915b-45c4098d30ea
< x-amzn-errortype: MissingAuthenticationTokenException
< x-amz-apigw-id: IHvz3Fp_IAMF43g=
< x-cache: Error from cloudfront
< via: 1.1 58e86c1faaee1b15c90e95d794e240dd.cloudfront.net (CloudFront)
< x-amz-cf-pop: ORD51-C3
< x-amz-cf-id: jyTAo6OUrhUWWVNOSdk6M0384K515YzE0V9Vgg-WhfXXkLDzLofr9Q==
<
* Connection #0 to host szxjza7hz5.execute-api.us-east-1.amazonaws.com left intact
{"message":"Missing Authentication Token"}
尝试将这些字段添加到响应中 header:
const response = {
headers: {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Credentials" : true,
},
body: "...",
statusCode: 200
}
如果不在更新后重新部署 API,您也可能会遇到同样的错误。尝试按如下方式重新部署它:
我在 运行 更新 API 时犯了一个错误。我认为如果我向 express 服务器添加另一个端点 amplify push 会选择并部署它。
我们需要 运行 amplify update API 才能创建新端点。因此,当我对我认为存在的端点进行 API 调用时,它没有通过预检检查,因为没有端点 ...