CloudFront CORS failing for preflight/OPTIONS call
I've configured S3 with access only through CloudFront and protected with lambda. The problem is that I'm not able to access the files from the SPA because of a failing preflight call. When testing this with Postman, the GET call returns an object with CORS headers set correctly, but OPTIONS returns 403.
My configuration:
S3 CORS
    [
        {
            "AllowedHeaders": [
                "*"
            ],
            "AllowedMethods": [
                "PUT",
                "POST",
                "DELETE",
                "GET"
            ],
            "AllowedOrigins": [
                "*"
            ],
            "ExposeHeaders": [],
            "MaxAgeSeconds": 3000
        }
    ]
CloudFront config
Lambda@Edge
I also have a simple lambda that checks the JWT token included in the request.
lambda config:
Results:
Postman Get:
Postman Options:
Message: "CORSResponse: This CORS request is not allowed. This is usually because the evalution of Origin, request method / Access-Control-Request-Method or Access-Control-Request-Headers are not whitelisted by the resource's CORS spec."
I've tried many variants of mixing and matching Cache policy, Origin request policy and Response headers policy from different tutorials and other stack overflow posts but nothing seems to help.
I will be very grateful for help since I've been struggling with fixing this issue for a while, thanks!
Comments (1)
The CloudFront setup is correct, the problem should be related to your Lambda@Edge: be aware that it is also triggered when the OPTIONS method is called.
It could be that your lambda is trying to validate the JWT token also when it is triggered by OPTIONS API calls and, since the JWT token is not included in the request, it returns a 403 error.
I suggest you check CloudWatch logs to verify that and handle the OPTIONS method inside Lambda@Edge by performing a passthrough: CORS with preflight headers will be added by the response headers policy (which you already set correctly).
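
A sketch of the passthrough described in the answer above, as an added example that is not the asker's function or code from the original page. It assumes a Node.js viewer-request trigger and HS256 tokens signed with a shared secret; `SECRET`, `verifyHs256`, `deny` and `authorize` are hypothetical names.

```javascript
const crypto = require('crypto');

// Assumption: HS256 tokens with a shared secret. Placeholder value; Lambda@Edge
// has no environment variables, so real code must load the key another way.
const SECRET = 'constructed-demo-secret';

// Verify signature, pinned algorithm and expiry of a compact JWT.
function verifyHs256(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  try {
    const [h, p, sig, extra] = token.split('.');
    if (!h || !p || !sig || extra !== undefined) return false;
    const header = JSON.parse(Buffer.from(h, 'base64url').toString());
    const payload = JSON.parse(Buffer.from(p, 'base64url').toString());
    if (header.alg !== 'HS256') return false; // never trust alg "none" or others
    const expected = crypto.createHmac('sha256', secret).update(`${h}.${p}`).digest();
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length) return false;
    if (!crypto.timingSafeEqual(given, expected)) return false;
    return typeof payload.exp === 'number' && payload.exp > nowSec;
  } catch {
    return false; // malformed base64 or JSON
  }
}

// Response generated at the edge; the origin is not contacted.
const deny = (status, statusDescription) => ({
  status,
  statusDescription,
  headers: { 'cache-control': [{ key: 'Cache-Control', value: 'no-store' }] },
});

// Decide what to do with a viewer request: return it to forward, or a response to block.
function authorize(request) {
  // Browsers never attach Authorization to a preflight, so forward OPTIONS as is.
  if (request.method === 'OPTIONS') return request;
  const value = request.headers.authorization?.[0]?.value || '';
  const match = /^Bearer (.+)$/.exec(value);
  if (!match) return deny('401', 'Unauthorized');
  return verifyHs256(match[1], SECRET) ? request : deny('403', 'Forbidden');
}

exports.handler = async (event) => authorize(event.Records[0].cf.request);
```

Only the preflight skips the token check; every other method still needs a valid token, so the bucket contents stay protected.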