GCP Cloud Run 和 Angular 上的 Flask 后端出现 CORS 错误
我正在开发一个仪表板,前端使用 Angular,后端使用 MySQL 和 Flask。我已将数据库部署在 GCP Cloud Run 上的 CloudSQL 和 Flask 后端上。 在我的本地计算机上制作过程中,我遇到了以下错误:
对预检请求的响应未通过访问控制检查:请求的资源上不存在“Access-Control-Allow-Origin”标头。
我通过在本地 Flask 后端添加以下代码来修复它:
from flask_cors import CORS
CORS(app, resources={r"*": {"origins": "*"}})
我还在 Flask 上的每个函数之前尝试了以下代码,它似乎在本地计算机上完美运行:
from flask_cors import cross_origin
@app.route('/api/register_smartbox', methods=['POST'])
@cross_origin()
def register_smartbox():
recv_req = request.get_json()
主要问题发生在我将其部署在 GCP Cloud run 上时。我在那里使用经过身份验证的调用。以下是当我在 Angular 应用程序中从浏览器发送 API 请求时,我在云运行日志中获得的日志:
警告 2022-02-24T06:14:41.430198ZOPTIONS4030 B0 msChrome 98 https://
.app/api/login_users 该请求未经过身份验证。允许未经身份验证的调用或设置正确的授权标头。如需了解更多信息,请访问 https://cloud.google.com/run/docs/securing/authenticating 其他问题排查文档可在以下位置找到:https://cloud.google.com/run/docs/troubleshooting#unauthorized-client
这是我在浏览器中遇到的错误
访问 XMLHttpRequest 'https://
.app/api/login_users' 来自 来源 'http://127.0.0.1:5555' 已被 CORS 策略阻止: 对预检请求的响应未通过访问控制检查:否 请求中存在“Access-Control-Allow-Origin”标头 资源。
到目前为止我已经尝试过的事情:
- 在 Flask 中添加了所有可能的 CORS 技术
- 在 Cloud Run 上部署后,使用 POSTMAN 检查了我的 API,并在 python 请求中检查了它,它似乎工作得很好
- 尝试构建我的 Angular 应用程序的生产版本来检查是否有可能是那边的问题。还包括“凭据”标头:
const headers = {"Content-Type": "application/json", '授权':this.auth_tok,'凭据':'包含'}
- 尝试使用 CURL 和 NodeJS 部署 GCP 服务。也与这些人一起工作过。所以只有 Angular 应用程序上的浏览器才会出现问题。
我已经被这个问题困扰好几天了。任何形式的帮助将不胜感激。谢谢
I am developing a dashboard with frontend in Angular, Backend in MySQL and Flask. I had deployed the database on CloudSQL and Flask backend on GCP Cloud Run.
During production on my local computer, I faced this error:
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I fixed it by adding the following code to my flask backend locally:
from flask_cors import CORS
CORS(app, resources={r"*": {"origins": "*"}})
I also tried with the following code before every function on flask and it seemed to work perfectly on local computer:
from flask_cors import cross_origin
@app.route('/api/register_smartbox', methods=['POST'])
@cross_origin()
def register_smartbox():
recv_req = request.get_json()
The main problem occured when I deployed it on GCP Cloud run. I am using Authenticated invocations over there. Here are the logs that I get on cloud run logs when I send an API request from my browser in Angular app:
Warning
2022-02-24T06:14:41.430198ZOPTIONS4030 B0 msChrome 98 https://<My_URL>.app/api/login_users
The request was not authenticated. Either allow unauthenticated invocations or set the proper Authorization header. Read more at https://cloud.google.com/run/docs/securing/authenticating Additional troubleshooting documentation can be found at: https://cloud.google.com/run/docs/troubleshooting#unauthorized-client
And here are the errors I am getting inside the browser
Access to XMLHttpRequest at
'https://<My_URL>.app/api/login_users' from
origin 'http://127.0.0.1:5555' has been blocked by CORS policy:
Response to preflight request doesn't pass access control check: No
'Access-Control-Allow-Origin' header is present on the requested
resource.
Things that I have tried so far:
- Added all of the possible CORS techniques inside Flask
- Checked my APIs with POSTMAN and in python requests after deployment on Cloud Run and it seems to work perfectly
- Tried building the production build of my angular app to check if there could be a problem on that side. Also included the "credentials" header:
const headers = {"Content-Type": "application/json", 'Authorization': this.auth_tok, "credentials": 'include'}
- Tried the deployed GCP service with CURL and NodeJS. Worked with those as well. So only the problem occurs with browser on Angular app.
I have been stuck on this problem for days. Any sort of help would be much appreciated. Thank you
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
经过身份验证的调用不适用于 COR 请求,因为您的 Web 浏览器在向您的服务发送预检请求时不会发送所需的身份验证令牌。
Authenticated invocations won't work for the CORs requests as your web browser isn't sending the needed auth tokens while it does preflight requests to your service.