当我使用自定义域https://api-dev.testapp.net时:
OPTIONS https://api-dev.testapp.net/dev/locations 403 ()
Failed to load https://api-dev.testapp.net/dev/locations: Response to
preflight request doesn't pass access control check: No 'Access-Control-
Allow-Origin' header is present on the requested resource. Origin
'https://xxxxx0f67xxxxxe7963c04cxxxxx23bf.vfs.cloud9.us-east-
1.amazonaws.com' is therefore not allowed access. The response had HTTP
status code 403. If an opaque response serves your needs, set the
request's mode to 'no-cors' to fetch the resource with CORS disabled.
我已经设置了一个API,其中每个路径都是一个微服务,都指向一个自定义域名 . 每个阶段也有不同的域 .
我使用cognito进行用户身份验证,据我所知,身份验证功能正常 .
这是我的serverless.yml的示例
service: testapp-location
plugins:
- serverless-domain-manager
custom:
stage: ${opt:stage, self:provider.stage}
domains:
prod: api.testapp.net
test: api-test.testapp.net
dev: api-dev.testapp.net
customDomain:
basePath: "locations"
domainName: ${self:custom.domains.${self:custom.stage}}
stage: "${self:custom.stage}"
createRoute53Record: true
package:
include:
- models
provider:
name: aws
runtime: nodejs6.10
stage: ${opt:stage, 'dev'}
environment:
DATABASE_HOST: ${file(../../config/api/${self:provider.stage}.config.json):DATABASE_HOST}
DATABASE_NAME: ${file(../../config/api/${self:provider.stage}.config.json):DATABASE_NAME}
DATABASE_USERNAME: ${file(../../config/api/${self:provider.stage}.config.json):DATABASE_USERNAME}
DATABASE_PASSWORD: ${file(../../config/api/${self:provider.stage}.config.json):DATABASE_PASSWORD}
region: us-east-1
我已确认路由53条目已设置并指向Cloudfront分发 . 还会设置基本路径映射,并且自定义域具有附加到它们的有效TLS证书 .
事情应该有效,但我想我需要一手调试这个 . 任何帮助,将不胜感激 .
Edit 1 :当我使用API网关生成的URL(例如OPTIONS https://nnxxxxxe1d.execute-api.us-east-1.amazonaws.com/dev/locations)而没有添加标头时,请求成功 . 这是有道理的,因为此 endpoints 上没有授权程序,并且它具有硬编码的200响应正文 .
Edit 2 :当我在Postman中运行请求(OPTIONS https://api-dev.testapp.net/dev/locations)时,我收到以下响应:
Connection →keep-alive
Content-Length →23
Content-Type →application/json
Date →Thu, 26 Jul 2018 13:40:59 GMT
Via →1.1 b790a9f06b094xxxxxxxxb87e81d4b7f.cloudfront.net (CloudFront)
X-Amz-Cf-Id →3M9kxxxxxxxxlW9Fos_lZqw-lGdPp9MCI7xFIS2-LcXpjGNolsT7jA==
X-Cache →Error from cloudfront
x-amz-apigw-id →Ko1xxxxxxxxF1LA=
x-amzn-ErrorType →ForbiddenException
x-amzn-RequestId →881153c6-90d9-11e8-8d65-738000007497
这让我觉得问题在于CloudFront拒绝请求 .
1 回答
您的请求中的
Access-Control-Allow-Origin
值是多少?如果您没有,请将以下内容添加到您的请求 Headers 中:我怀疑,因为您的请求通过多个访问点,令牌不会被传递 . 当您为授权用户附加cookie时,也要添加
domain=whateverdomain.com
.