我已经通过文档(这很棒)并建议更改 repository/conf/api-manager.xml 文件,因为其中有一个CORS配置节点(如下) .
<!--Configuration to enable/disable sending CORS headers in the Gateway response
and define the Access-Control-Allow-Origin header value.-->
<CORSConfiguration>
<!--Configuration to enable/disable sending CORS headers from the Gateway-->
<Enabled>true</Enabled>
<!--The value of the Access-Control-Allow-Origin header. Default values are
API Store addresses, which is needed for swagger to function.-->
<Access-Control-Allow-Origin>*</Access-Control-Allow-Origin>
<!--Configure Access-Control-Allow-Methods-->
<Access-Control-Allow-Methods>GET,PUT,POST,DELETE,PATCH,OPTIONS</Access-Control-Allow-Methods>
<!--Configure Access-Control-Allow-Headers-->
<Access-Control-Allow-Headers>authorization,Access-Control-Allow-Origin,Content-Type</Access-Control-Allow-Headers>
<!--Configure Access-Control-Allow-Credentials-->
<!-- Specifying this header to true means that the server allows cookies (or other user credentials) to be included on cross-origin requests.
It is false by default and if you set it to true then make sure that the Access-Control-Allow-Origin header does not contain the wildcard (*)
-->
<Access-Control-Allow-Credentials>true</Access-Control-Allow-Credentials>
</CORSConfiguration>
但是,此文件似乎不会将此CORS配置应用于所有 endpoints . 在向我发布的API endpoints 发出请求时,我收到了正确的Access Control标头,但是当我点击令牌 endpoints 时,我没有收到它们(默认 - '/ token','/ revoke') .
我怎么能做到这一点?
2 回答
CORS配置对使用Publisher应用程序创建的API有效 . 此配置不涵盖令牌apis( - '/ token','/ revoke') .
使用处理程序处理CORS头
如果在/ repository / deployment / server / synapse-configs / default / api中为api打开synapse配置,您将找到此处理程序 .
您也可以将此处理程序设置为RevokeAPI.xml和TokenAPI.xml . (它们位于相同的位置/ repository / deployment / server / synapse-configs / default / api) . 它在配置文件中会是这样的
api-manager.xml中的CORS配置仅适用于通过API Manager创建的API . 它不会将这些配置应用于令牌API,例如/ token和/ revoke .
与令牌API相关的配置位于
{PRODUCT_HOME}/repository/deployment/server/synapse-configs/default/api
目录中 .如果需要,您可以编辑
_TokenAPI_.xml
并添加CORS标头 . 您可以将[1]称为有用资源 .[1] - http://blog.lakmali.com/2013/10/how-to-add-additional-headers-to-wso2.html