
AWS S3 static site CORS: jQuery ajax POST to API Gateway


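We host a static website on S3.
From the page we do a jQuery ajax POST to an AWS API Gateway / Lambda function.
I'm not sure how OPTIONS works, but when we enable the Chrome 'allow cross origin' plugin, everything works (we get the JSON response),
and when the plugin is disabled we get the error "Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers in preflight response".
Is it possible to do the POST without the plugin and get a successful response? We have also enabled CORS on the API Gateway.

This is the AJAX POST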

$.ajax({
    type: 'POST',
    url: API_URL,
    data: JSON.stringify(inputdata),
    dataType: 'json',
    beforeSend: function (xhr) {
        xhr.setRequestHeader("Access-Control-Allow-Origin", "*");
        xhr.setRequestHeader("Access-Control-Allow-Methods", "OPTIONS,POST");
        xhr.setRequestHeader("Access-Control-Allow-Headers", "X-Requested-With,Access-Control-Allow-Headers,Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token");
        xhr.setRequestHeader("Content-Type", "application/json");
        //xhr.setRequestHeader("origin", "http://evil.com/");
    },
    /*
    headers: {
        'Access-Control-Allow-Headers': 'Access-Control-Allow-Headers,Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token',
        'Access-Control-Allow-Origin': '*',
        'Access-Control-Allow-Methods': 'OPTIONS,POST',
        'Access-Control-Allow-Credentials': true,
        'Content-Type': 'application/json; charset=utf-8'
    },*/
    crossDomain: true,
    success: function (data) { getdatasuccess(data); },
    error: function (data) {
        console.log("error = " + JSON.stringify(data));
    }
});

Response headers when the 'allow cross origin plugin' plugin is enabled

:authority: 64j2k6w2dc.execute-api.us-east-1.amazonaws.com
:method: OPTIONS
:path: /PROD
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.8
access-control-request-headers: access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type
access-control-request-method: POST
origin: http://evil.com/
user-agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Response headers when the 'allow cross origin plugin' plugin is disabled

:authority: 64j2k6w2dc.execute-api.us-east-1.amazonaws.com
:method: OPTIONS
:path: /PROD
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.8
access-control-request-headers: access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type
access-control-request-method: POST
origin: https://s3.amazonaws.com
referer: https://s3.amazonaws.com/mysitetest/htmlpage2.html
user-agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

1 Answer

  • 1

    This worked for me:

    API Gateway > OPTIONS method > Integration Response > Header Mappings:

    Access-Control-Allow-Headers :'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-XSRF-TOKEN,Access-Control-Allow-Headers,Access-Control-Allow-Origin'

    Access-Control-Allow-Methods :'POST,GET,OPTIONS'

    Access-Control-Allow-Origin :'*'

    Remove the unnecessary headers from the client!
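Added example, not part of the original question or answer: a simplified model of the header check a browser applies to the preflight response, run against the `access-control-request-headers` value captured in the question and the header mappings from the answer. The function name `preflightCheck`, the object shapes, and the "before" OPTIONS response are assumptions made for illustration; wildcard `*` in Access-Control-Allow-Headers and credentialed requests are not modelled.

```javascript
// Simplified model of the browser's CORS preflight check (added example, not code from the page).
const list = (v) => (v || '').split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);

function preflightCheck(req, res) {
  const allowOrigin = res['access-control-allow-origin'];
  if (allowOrigin !== '*' && allowOrigin !== req.origin) {
    return { ok: false, rejected: [], reason: 'origin not allowed' };
  }
  if (!list(res['access-control-allow-methods']).includes(req.method.toLowerCase())) {
    return { ok: false, rejected: [], reason: 'method not allowed' };
  }
  // Every name in Access-Control-Request-Headers must appear in Access-Control-Allow-Headers.
  const allowed = list(res['access-control-allow-headers']);
  const rejected = list(req.headers).filter((h) => !allowed.includes(h));
  return rejected.length > 0
    ? { ok: false, rejected, reason: 'request header not allowed: ' + rejected.join(', ') }
    : { ok: true, rejected: [], reason: '' };
}

// Preflight produced by the question's $.ajax call (values from the capture in the question).
const originalRequest = {
  origin: 'https://s3.amazonaws.com',
  method: 'POST',
  headers: 'access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type',
};
// Same call with the Access-Control-* setRequestHeader lines removed: only Content-Type is left.
const cleanedRequest = { ...originalRequest, headers: 'content-type' };

// Assumed OPTIONS response before the fix (constructed; the page does not show it).
const responseBefore = {
  'access-control-allow-origin': '*',
  'access-control-allow-methods': 'OPTIONS,POST',
  'access-control-allow-headers': 'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token',
};
// OPTIONS response built from the header mappings in the answer.
const responseAnswer = {
  'access-control-allow-origin': '*',
  'access-control-allow-methods': 'POST,GET,OPTIONS',
  'access-control-allow-headers': 'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-XSRF-TOKEN,Access-Control-Allow-Headers,Access-Control-Allow-Origin',
};

console.log(preflightCheck(originalRequest, responseBefore)); // fails: three Access-Control-* names rejected
console.log(preflightCheck(originalRequest, responseAnswer)); // still fails: access-control-allow-methods
console.log(preflightCheck(cleanedRequest, responseAnswer));  // passes
```

In this model the unmodified client still fails against the answer's mappings because `access-control-allow-methods` is requested but not listed, so removing the Access-Control-* headers from the client is the step that makes the preflight pass. Those names are response headers; once the client stops sending them, they do not need to appear in Access-Control-Allow-Headers.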
