
WSO2 API Manager CORS


I've gone through the documentation (which is great) and it suggests changing the repository/conf/api-manager.xml file, as it contains a CORS configuration node (below).

<!--Configuration to enable/disable sending CORS headers in the Gateway response
    and define the Access-Control-Allow-Origin header value.-->
<CORSConfiguration>

    <!--Configuration to enable/disable sending CORS headers from the Gateway-->
    <Enabled>true</Enabled>

    <!--The value of the Access-Control-Allow-Origin header. Default values are
        API Store addresses, which is needed for swagger to function.-->
    <Access-Control-Allow-Origin>*</Access-Control-Allow-Origin>

    <!--Configure Access-Control-Allow-Methods-->
    <Access-Control-Allow-Methods>GET,PUT,POST,DELETE,PATCH,OPTIONS</Access-Control-Allow-Methods>

    <!--Configure Access-Control-Allow-Headers-->
    <Access-Control-Allow-Headers>authorization,Access-Control-Allow-Origin,Content-Type</Access-Control-Allow-Headers>

    <!--Configure Access-Control-Allow-Credentials-->
    <!-- Specifying this header to true means that the server allows cookies (or other user credentials) to be included on cross-origin requests.
         It is false by default and if you set it to true then make sure that the Access-Control-Allow-Origin header does not contain the wildcard (*)
    -->
    <Access-Control-Allow-Credentials>true</Access-Control-Allow-Credentials>

</CORSConfiguration>

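However, this file doesn't seem to apply this CORS configuration to all endpoints. When making requests to my published API endpoints I receive the correct Access Control headers, but when I hit the token endpoints I don't receive them (defaults - '/token', '/revoke').

How can I achieve this?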

2 Answers

  • 8

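    The CORS configuration is valid for APIs created using the Publisher app. This configuration doesn't cover the token APIs ('/token', '/revoke').

    CORS headers are handled using the handler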

    org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler
    

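    If you open the synapse configuration for an API in /repository/deployment/server/synapse-configs/default/api, you will find this handler.

    You can set this handler in RevokeAPI.xml and TokenAPI.xml as well. (They are located in the same place, /repository/deployment/server/synapse-configs/default/api.) It would look like this in the configuration file: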

    <handlers>
        <handler class="org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler">
            <property name="apiImplementationType" value="ENDPOINT"/>
        </handler>
        <handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerCacheExtensionHandler"/>
        <handler class="org.wso2.carbon.apimgt.gateway.handlers.common.SynapsePropertiesHandler"/>
    </handlers>
    
  • 2

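    The CORS configuration in api-manager.xml only applies to APIs created through API Manager. It does not apply these configurations to the token APIs such as /token and /revoke.

    The configurations related to the token APIs are located in the {PRODUCT_HOME}/repository/deployment/server/synapse-configs/default/api directory.

    If needed, you can edit _TokenAPI_.xml and add the CORS headers. You can refer to [1] as a useful resource.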

    [1] - http://blog.lakmali.com/2013/10/how-to-add-additional-headers-to-wso2.html
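
An added example (not part of the question or either answer, and not WSO2 code): a small Python audit that flags the wildcard-origin-plus-credentials combination the configuration comment warns about, and checks whether a synapse API file lists the CORSRequestHandler. The sample XML strings and the function names are constructed for illustration; the API samples are minimal stand-ins, not the shipped token API files.

```python
import xml.etree.ElementTree as ET

CORS_HANDLER = "org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler"

# Constructed samples: the CORS values mirror the question; the API files are stand-ins.
SAMPLE_CORS = """<CORSConfiguration>
  <Enabled>true</Enabled>
  <Access-Control-Allow-Origin>*</Access-Control-Allow-Origin>
  <Access-Control-Allow-Credentials>true</Access-Control-Allow-Credentials>
</CORSConfiguration>"""
SAMPLE_API_WITHOUT = """<api xmlns="http://ws.apache.org/ns/synapse" name="sample" context="/token">
  <handlers>
    <handler class="org.wso2.carbon.apimgt.gateway.handlers.common.SynapsePropertiesHandler"/>
  </handlers>
</api>"""
SAMPLE_API_WITH = SAMPLE_API_WITHOUT.replace(
    "<handlers>",
    '<handlers>\n    <handler class="%s">\n'
    '      <property name="apiImplementationType" value="ENDPOINT"/>\n'
    '    </handler>' % CORS_HANDLER)

def _local(tag):
    """Strip an XML namespace prefix such as {http://ws.apache.org/ns/synapse}."""
    return tag.rsplit("}", 1)[-1]

def audit_cors_config(xml_text):
    """Return a list of findings for the <CORSConfiguration> node of api-manager.xml."""
    root = ET.fromstring(xml_text)
    node = next((e for e in root.iter() if _local(e.tag) == "CORSConfiguration"), None)
    if node is None:
        return ["no CORSConfiguration node found"]
    vals = {_local(c.tag): (c.text or "").strip() for c in node}
    findings = []
    if vals.get("Enabled", "").lower() != "true":
        findings.append("CORS headers are disabled at the gateway")
    origins = [o.strip() for o in vals.get("Access-Control-Allow-Origin", "").split(",")]
    creds = vals.get("Access-Control-Allow-Credentials", "false").lower() == "true"
    if "*" in origins and creds:
        findings.append("wildcard origin combined with Allow-Credentials=true")
    return findings

def has_cors_handler(api_xml_text):
    """True if a synapse API definition lists CORSRequestHandler inside <handlers>."""
    root = ET.fromstring(api_xml_text)
    return any(_local(h.tag) == "handler" and h.get("class") == CORS_HANDLER
               for hs in root.iter() if _local(hs.tag) == "handlers" for h in hs)

if __name__ == "__main__":
    print(audit_cors_config(SAMPLE_CORS))
    print(has_cors_handler(SAMPLE_API_WITHOUT), has_cors_handler(SAMPLE_API_WITH))
```

Pointing the two functions at the real api-manager.xml and at each file in the synapse-configs/default/api directory shows which APIs will answer with CORS headers before any browser test is run.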
