向AWS API网关端点添加CORS支持

发布于 2025-02-10 04:03:42 字数 615 浏览 0 评论 0原文

阅读文档： htttps：htttps：// docs。 aws.amazon.com/cdk/api/v1/docs/aws-apigateway-readme.html

对我而言，在端点上指定CORS不清楚它仅适用于该级别或所有子 -也有资源吗？

FE，

假设我在资源路径上添加了一种方法 - /否则

declare const productsResource: apigateway.Resource;

productsResource.addCorsPreflight({
  allowOrigins: [ 'https://amazon.com' ],
  allowMethods: [ 'GET', 'PUT' ]

Does that apply to /products/{productdId} as well?
});

我需要一个单独的AddCorsPreflight（）来调用该子资源吗？

原文

Reading the documentation: https://docs.aws.amazon.com/cdk/api/v1/docs/aws-apigateway-readme.html

It's not clear to me that specifying CORS on an endpoint means that it only applies to that level, or all the sub-resources as well?

F.e.,

let's say I add a method at resource path - /products and

declare const productsResource: apigateway.Resource;

productsResource.addCorsPreflight({
  allowOrigins: [ 'https://amazon.com' ],
  allowMethods: [ 'GET', 'PUT' ]

Does that apply to /products/{productdId} as well?
});

Or do I need a separate addCorsPreflight() call for that sub-resource?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

请止步禁区 2025-02-17 04:03:42

这取决于如何定义该子资源。

如果是实际资源，我相信答案是肯定的 - 您确实需要为所有其他定义的资源定义它。对于任何而不是代理连接的给定资源，都会在您的资源上启用选项方法。

但是，如果它是代理终点（我希望它作为产品ID）与Lambda链接，则必须处理CORS前响应本身。

例如，您必须（不工作代码，您需要定义如何根据触发lambda的API Gateway的传入事件来知道这是否是前飞行的）

exports.handler = async (event) => {
    const response = {
        statusCode: 200,
        headers: {
            "Access-Control-Allow-Headers" : "Content-Type",
            "Access-Control-Allow-Origin": "https://www.example.com",
            "Access-Control-Allow-Methods": "OPTIONS,POST,GET"
        },
        body: JSON.stringify('Hello from Lambda!'),
    };
    if preflight:
       return response;
};

。：//docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html“ rel =” nofollow noreferrer“ how-to-cors.html

It depends on how that sub resource is defined.

If it is an actual Resource, i believe the answer is yes - you do need to define it for all other defined resources. Doing this for any given resource that is NOT a proxy connection will enable the OPTIONS method on your resource.

However if its a Proxy end point (which as a product ID i would expect) linked to a lambda it has to handle the Cors Preflight response itself.

Youd have to, for instance, (NOT working code, you need to define how to know if this is a preflight or not based on the incoming event from Api Gateway that triggers the lambda)

exports.handler = async (event) => {
    const response = {
        statusCode: 200,
        headers: {
            "Access-Control-Allow-Headers" : "Content-Type",
            "Access-Control-Allow-Origin": "https://www.example.com",
            "Access-Control-Allow-Methods": "OPTIONS,POST,GET"
        },
        body: JSON.stringify('Hello from Lambda!'),
    };
    if preflight:
       return response;
};

Find more information here: https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html

回复收藏 0 原文

~没有更多了~