首页 文章

在Cloudformation模板中为API网关启用CORS

提问于
浏览
15

我正在为我的环境创建AWS Cloudformation模板,但我找不到为API Gateway方法启用CORS的方法 .

我可以使用AWS控制台(here is the official doc)对其进行配置,但是如何在Cloudformation模板中进行配置?

amazon-web-services cors amazon-cloudformation aws-api-gateway

4 回答

  • 1

    经过一些试验和错误后,我发现与CORS控制台向导相比,以下CloudFormation模板代码段将生成等效的OPTIONS方法:

    OptionsMethod:
  Type: AWS::ApiGateway::Method
  Properties:
    AuthorizationType: NONE
    RestApiId:
      Ref: MyApi
    ResourceId:
      Ref: MyResourceOnWhichToEnableCORS
    HttpMethod: OPTIONS
    Integration:
      IntegrationResponses:
      - StatusCode: 200
        ResponseParameters:
          method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
          method.response.header.Access-Control-Allow-Methods: "'POST,OPTIONS'"
          method.response.header.Access-Control-Allow-Origin: "'*'"
        ResponseTemplates:
          application/json: ''
      PassthroughBehavior: WHEN_NO_MATCH
      RequestTemplates:
        application/json: '{"statusCode": 200}'
      Type: MOCK
    MethodResponses:
    - StatusCode: 200
      ResponseModels:
        application/json: 'Empty'
      ResponseParameters:
          method.response.header.Access-Control-Allow-Headers: false
          method.response.header.Access-Control-Allow-Methods: false
          method.response.header.Access-Control-Allow-Origin: false

    *Note 1 :这是获取POST默认值的示例 . 显然,您需要更新 Access-Control-Allow-Methods 以包含所需的值 .

    *Note 2 :对最近推出YAML支持的AWS CloudFormation团队表示感谢 . 如果你需要转换为/从YAML / JSON转换,我发现这个网站很方便:http://www.json2yaml.com/

    回复于
  • 30

    API网关对自动CORS配置的支持目前仅适用于API网关控制台 . 当您从swagger导入API或通过CloudFormation定义API时,您仍然可以自己设置CORS,但是您必须指定用于设置OPTIONS方法的所有参数以及将CORS特定标头添加到其他方法 .

    This page显示了在导入swagger时如何设置CORS . 通过CloudFormation设置CORS在概念上类似,但使用CloudFormation语法而不是swagger语法 .

    回复于
  • 0

    它只创建选项方法,还有工作需要做的就是GET,POST等方法的响应,我创建了一个完成的hello world cloudformation

    https://github.com/seraphjiang/aws-cors-cloudformation/tree/master

    回复于
  • 2

    试试这个:

    OPTIONS: 
   Type: AWS::ApiGateway::Method 
   Properties: ApiKeyRequired: false
   RestApiId: !Ref YourAPI 
   ResourceId: !Ref YourResourceName 
   HttpMethod: OPTIONS 
   AuthorizationType: NONE 
   Integration: 
    Type: MOCK 
    IntegrationResponses: 
     - StatusCode: 200 
     ResponseParameters: 
      method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'" 
      method.response.header.Access-Control-Allow-Methods: "'GET,OPTIONS'" 
      method.response.header.Access-Control-Allow-Origin: "'*'" 
     ResponseTemplates: 
      application/json: '' 
    PassthroughBehavior: WHEN_NO_MATCH 
    RequestTemplates: 
     application/json: '{"statusCode": 200}' 
    Type: MOCK 
   MethodResponses: 
   - StatusCode: 200 
   ResponseModels: 
    application/json: 'Empty' 
   ResponseParameters: 
    method.response.header.Access-Control-Allow-Headers: false 
    method.response.header.Access-Control-Allow-Methods: false 
    method.response.header.Access-Control-Allow-Origin: false
    回复于

相关问题