问题:
API网关Cloudformation CORS
董法
我试图使用CloudFormation在API网关中部署一个API。这些方法要求启用CORS,我按照这里的模板在Cloudformation模板中启用CORS for API Gateway来做到这一点。这是我的模板
AuthorizerRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Action:
- "sts:AssumeRole"
Effect: "Allow"
Principal:
Service:
- "apigateway.amazonaws.com"
Policies:
- PolicyDocument:
Version: "2012-10-17"
Statement:
- Action:
- "lambda:invokeFunction"
Effect: "Allow"
Resource:
- !GetAtt "MyAPIAuthorizer.Arn"
PolicyName: "lambda"
Authorizer:
Type: AWS::ApiGateway::Authorizer
Properties:
AuthorizerResultTtlInSeconds: 0
AuthorizerCredentials: !GetAtt "AuthorizerRole.Arn"
AuthorizerUri:
Fn::Join:
- ""
-
- "arn:aws:apigateway:"
- Ref: "AWS::Region"
- ":lambda:path/2015-03-31/functions/"
- Fn::GetAtt:
- "MyAPIAuthorizer"
- "Arn"
- "/invocations"
Type: "TOKEN"
IdentitySource: "method.request.header.token"
Name: "DefaultAuthorizer"
RestApiId: !Ref RestApi
MyAPIAuthorizer:
Type: AWS::Lambda::Function
Properties:
Code:
S3Bucket: my-My-lambda-us-east-1
S3Key: node_lambdas.zip
Handler: My-APIAuthorizer.handler
Role: !Ref Role
Runtime: nodejs6.10
Timeout: 300
VpcConfig:
SecurityGroupIds:
- !Ref SecurityGroup
SubnetIds: !Ref Subnets
MyAuthenticateUser:
Type: AWS::Lambda::Function
Properties:
Code:
S3Bucket: My-My-lambda-us-east-1
S3Key: node_lambdas.zip
Handler: My-AuthenticateUser.handler
Role: !Ref Role
Runtime: nodejs6.10
Timeout: 300
VpcConfig:
SecurityGroupIds:
- !Ref SecurityGroup
SubnetIds: !Ref Subnets
#Policies: AWSLambdaDynamoDBExecutionRole
MyAuthenticateUserApiGatewayInvoke:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !GetAtt "MyAuthenticateUser.Arn"
Principal: "apigateway.amazonaws.com"
SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${RestApi}/*/*/*"
MyAuthenticateUserResource:
Type: AWS::ApiGateway::Resource
Properties:
RestApiId: !Ref RestApi
ParentId: !Ref ApiResourceParent
PathPart: authenticateuser
MyAuthenticateUserPost:
Type: AWS::ApiGateway::Method
Properties:
RestApiId: !Ref RestApi
ResourceId: !Ref MyAuthenticateUserResource
HttpMethod: POST
AuthorizationType: NONE
Integration:
IntegrationHttpMethod: POST
Type: AWS
Uri: !Sub
- "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${lambdaArn}/invocations"
- lambdaArn: !GetAtt "MyAuthenticateUser.Arn"
IntegrationResponses:
- StatusCode: 200
ResponseParameters:
method.response.header.Access-Control-Allow-Origin: "'*'"
MethodResponses:
- StatusCode: 200
ResponseModels:
application/json: 'Empty'
ResponseParameters:
method.response.header.Access-Control-Allow-Origin: true
MyAuthenticateUserOptions:
Type: AWS::ApiGateway::Method
Properties:
RestApiId: !Ref RestApi
ResourceId: !Ref MyAuthenticateUserResource
HttpMethod: OPTIONS
AuthorizationType: NONE
Integration:
IntegrationHttpMethod: POST
IntegrationResponses:
- StatusCode: 200
ResponseParameters:
method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,token'"
method.response.header.Access-Control-Allow-Methods: "'POST,OPTIONS'"
method.response.header.Access-Control-Allow-Origin: "'*'"
Type: MOCK
MethodResponses:
- StatusCode: 200
ResponseModels:
application/json: 'Empty'
ResponseParameters:
method.response.header.Access-Control-Allow-Headers: true
method.response.header.Access-Control-Allow-Methods: true
method.response.header.Access-Control-Allow-Origin: true
MyFunction:
Type: AWS::Lambda::Function
Properties:
Code:
S3Bucket: My-My-lambda-us-east-1
S3Key: node_lambdas.zip
Handler: My-Function.handler
Role: !Ref Role
Runtime: nodejs6.10
Timeout: 300
VpcConfig:
SecurityGroupIds:
- !Ref SecurityGroup
SubnetIds: !Ref Subnets
#Policies: AWSLambdaDynamoDBExecutionRole
MyFunctionApiGatewayInvoke:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !GetAtt "MyFunction.Arn"
Principal: "apigateway.amazonaws.com"
SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${RestApi}/*/*/*"
MyFunctionResource:
Type: AWS::ApiGateway::Resource
Properties:
RestApiId: !Ref RestApi
ParentId: !Ref ApiResourceParent
PathPart: Function
MyFunctionGet:
Type: AWS::ApiGateway::Method
Properties:
RestApiId: !Ref RestApi
ResourceId: !Ref MyFunctionResource
HttpMethod: GET
AuthorizationType: CUSTOM
AuthorizerId: !Ref Authorizer
Integration:
IntegrationHttpMethod: GET
Type: AWS
Uri: !Sub
- "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${lambdaArn}/invocations"
- lambdaArn: !GetAtt "MyFunction.Arn"
IntegrationResponses:
- StatusCode: 200
ResponseParameters:
method.response.header.Access-Control-Allow-Origin: "'*'"
MethodResponses:
- StatusCode: 200
ResponseModels:
application/json: 'Empty'
ResponseParameters:
method.response.header.Access-Control-Allow-Origin: true
MyFunctionOptions:
Type: AWS::ApiGateway::Method
Properties:
RestApiId: !Ref RestApi
ResourceId: !Ref MyFunctionResource
HttpMethod: OPTIONS
AuthorizationType: NONE
Integration:
IntegrationHttpMethod: GET
IntegrationResponses:
- StatusCode: 200
ResponseParameters:
method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,token'"
method.response.header.Access-Control-Allow-Methods: "'GET,OPTIONS'"
method.response.header.Access-Control-Allow-Origin: "'*'"
Type: MOCK
MethodResponses:
- StatusCode: 200
ResponseModels:
application/json: 'Empty'
ResponseParameters:
method.response.header.Access-Control-Allow-Headers: true
method.response.header.Access-Control-Allow-Methods: true
method.response.header.Access-Control-Allow-Origin: true
部署API后,MyAuthenticateUserPost方法返回一个200,响应标头如下
访问-控制-允许-起源→*
通过→1.1 sdlkfnsdlk.CloudFront.net(CloudFront)
X-AMZ-CF-ID→DFLKNSDLFKN
X-Amzn-Trace-Id→root=sdlkfnsdlk;sampled=0
内容长度→36
内容类型→应用程序/JSON
日期→2018年9月28日星期五格林尼治时间21:19:04
在cloudformation部署之后,该函数已经出现在该字段中,并且我已经在模板中添加了权限,但是除非执行这个手动步骤,否则API网关方法将无法工作。我有大约50个方法,所以我想完全自动化这一点。我是不是在模板中遗漏了什么?
更新:为了响应@jny,我更新了Get方法中的集成响应,如下所示
IntegrationResponses:
- StatusCode: 200
SelectionPattern: "2\\{d}2"
ResponseParameters:
method.response.header.Access-Control-Allow-Origin: "'*'"
- StatusCode: 300
SelectionPattern: "3\\{d}2"
ResponseParameters:
method.response.header.Access-Control-Allow-Origin: "'*'"
- StatusCode: 400
SelectionPattern: "4\\{d}2"
ResponseParameters:
method.response.header.Access-Control-Allow-Origin: "'*'"
- StatusCode: 500
SelectionPattern: "5\\{d}2"
ResponseParameters:
method.response.header.Access-Control-Allow-Origin: "'*'"
MethodResponses:
- StatusCode: 200
ResponseModels:
application/json: 'Empty'
ResponseParameters:
method.response.header.Access-Control-Allow-Origin: true
- StatusCode: 300
ResponseModels:
application/json: 'Empty'
ResponseParameters:
method.response.header.Access-Control-Allow-Origin: true
- StatusCode: 400
ResponseModels:
application/json: 'Empty'
ResponseParameters:
method.response.header.Access-Control-Allow-Origin: true
- StatusCode: 500
ResponseModels:
application/json: 'Empty'
ResponseParameters:
method.response.header.Access-Control-Allow-Origin: true
我也对我的选项方法进行了相同的更新
IntegrationResponses:
- StatusCode: 200
SelectionPattern: "2\\{d}2"
ResponseParameters:
method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,token'"
method.response.header.Access-Control-Allow-Methods: "'GET,OPTIONS'"
method.response.header.Access-Control-Allow-Origin: "'*'"
- StatusCode: 300
SelectionPattern: "3\\{d}2"
ResponseParameters:
method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,token'"
method.response.header.Access-Control-Allow-Methods: "'GET,OPTIONS'"
method.response.header.Access-Control-Allow-Origin: "'*'"
- StatusCode: 400
SelectionPattern: "4\\{d}2"
ResponseParameters:
method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,token'"
method.response.header.Access-Control-Allow-Methods: "'GET,OPTIONS'"
method.response.header.Access-Control-Allow-Origin: "'*'"
- StatusCode: 500
SelectionPattern: "5\\{d}2"
ResponseParameters:
method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,token'"
method.response.header.Access-Control-Allow-Methods: "'GET,OPTIONS'"
method.response.header.Access-Control-Allow-Origin: "'*'"
MethodResponses:
- StatusCode: 200
ResponseModels:
application/json: 'Empty'
ResponseParameters:
method.response.header.Access-Control-Allow-Headers: false
method.response.header.Access-Control-Allow-Methods: false
method.response.header.Access-Control-Allow-Origin: false
- StatusCode: 300
ResponseModels:
application/json: 'Empty'
ResponseParameters:
method.response.header.Access-Control-Allow-Headers: false
method.response.header.Access-Control-Allow-Methods: false
method.response.header.Access-Control-Allow-Origin: false
- StatusCode: 400
ResponseModels:
application/json: 'Empty'
ResponseParameters:
method.response.header.Access-Control-Allow-Headers: false
method.response.header.Access-Control-Allow-Methods: false
method.response.header.Access-Control-Allow-Origin: false
- StatusCode: 500
ResponseModels:
application/json: 'Empty'
ResponseParameters:
method.response.header.Access-Control-Allow-Headers: false
method.response.header.Access-Control-Allow-Methods: false
method.response.header.Access-Control-Allow-Origin: false
共有1个答案
潘国源
您必须为所有状态配置响应分隔符,而不仅仅是200个。
大概是这样的:
"IntegrationResponses": [
{
"ResponseParameters":{
"method.response.header.Access-Control-Allow-Origin": "'*'"
},
"StatusCode": 200,
"ResponseTemplates": {
....
}
},
{
"StatusCode": 500,
"SelectionPattern": "5\\{d}2",
"ResponseTemplates": {
....
}
}
],
方法响应也是如此,例如:
"MethodResponses": [{
"ResponseModels": {
"application/json": "Empty"
},
"ResponseParameters":{
"method.response.header.Access-Control-Allow-Origin": "'*'"
},
"StatusCode": "200"
},
{
"StatusCode": "500"
}
]
类似资料:
-
让我抓狂的一件事是AWS有大量关于ARN格式的文档,但没有任何类型的生成器让您确信ARN是正确的。 在IAM中,我试图设置一个策略来允许访问API网关,我已经阅读了以下文档: http://docs.aws.amazon.com/apigateway/latest/developerguide/permissions.html#api-使用iam策略的网关控制访问 http://docs.aws.
-
Gravitee API 网关是基于 Vert.X 开发的高性能接口网关,支持 Swagger 导入接口、文档管理、性能分析、操作审计、日志,负载均衡等功能。 主要功能特性 REST API:通过 Web UI 执行的每个操作都使用内部的 Rest API 一键部署:只需单击一下,API 就会部署到每个 Gravitee.io 网关,并且可以随时使用 高可扩展:可以轻松地将新的 Gravitee.
-
我们使用keycloak来处理API网关中的身份验证(客户端/秘密)。 Kong api服务使用konnect托管插件引用KeyClope来验证客户端凭据并返回承载令牌。 未来对其他endpoint的调用将使用oauth2内省来通过KeyClope内省验证承载令牌 但是,当我通过Kong api gateway进行身份验证时,它会返回一个承载令牌,但该令牌无法自省。 如果我直接授权给KeyClop
-
!Important: StrongLoop网关废弃于2016年4月22日. StrongLoop Gateway 现在属于 IBM API Connect的一部分, 这是一个为内部部署和云环境解决了API生命周期的所有方面的完整解决方案.它提供了全面的功能来 创建,运行,管理,保护和monetize APIs (??)和微服务.提供了较好的集成用户体验,它能够快速部署和API简化的管理。 该St
-
我一直在读关于spring cloud gateway在我的微服务架构中实现API网关的文章。我需要阻止某些URL我一直在使用一些内部操作。但是,我已经像在Zuul中一样在gateway中使用了IgnoredServices和IgnoredPatterns,但是在Spring cloud gateway链接中没有这样的东西。我的内部API以/internal/{something}开头。 同样,我
-
我有一个奇怪的情况。我有一个调用API网关endpointREST API(GET方法)的React应用程序。每当我运行应用程序(从localhost)时,我都会收到一个“未经授权”(401)的错误响应。 但是,当我在POSTMAN上调用相同的API时,我得到了200状态的正确响应。然后奇怪的是,当我运行该应用程序时,我也能够在浏览器上以200状态获得相同的正确响应! 我在过去两周内无法解决问题,