CORS带有打字稿的无服务器框架?
我陷入了这个基本的CORS问题上,但似乎没有任何帮助。
在无服务器CORS生存指南中尝试了所有内容(
在这里,我获得了相同
浏览器中的错误 -
访问从'https://xxxxxxxxxx.execute-api.us-east-1.amazonaws.com/dev/space/spaces_config/ap1'来自origin'https://xxxxxxxxxxx'策略:请求标题字段访问权限控制 - 允许原素不允许访问控制者允许。前反应。
我的设置 - >
serverless.yml-
provider:
name: aws
runtime: nodejs16.x
memorySize: 512
timeout: 30
environment:
NODE_ENV: dev
plugins:
- serverless-plugin-typescript
- serverless-offline
package:
exclude:
- config/.env.stg
- config/.env.pro
include:
- config/.env.dev
functions:
createSpace:
handler: handler.createSpace
events:
- http:
path: spaces
method: post
cors:
origin: "*"
headers:
- Content-Type
- X-Amz-Date
- Authorization
- X-Api-Key
- X-Amz-Security-Token
- X-Amz-User-Agent
allowCredentials: true
findSpace:
handler: handler.findSpace
events:
- http:
path: spaces
method: get
cors:
origin: "*"
headers:
- Content-Type
- X-Amz-Date
- Authorization
- X-Api-Key
- X-Amz-Security-Token
- X-Amz-User-Agent
allowCredentials: true
findSpaceConfig:
handler: handler.findSpaceConfig
events:
- http:
path: spaces_config
method: get
cors:
origin: "*"
headers:
- Content-Type
- X-Amz-Date
- Authorization
- X-Api-Key
- X-Amz-Security-Token
- X-Amz-User-Agent
allowCredentials: true
updateSpaceConfig:
handler: handler.updateSpaceConfig
events:
- http:
path: spaces_config/{space_id}
method: put
cors:
origin: "*"
headers:
- Content-Type
- X-Amz-Date
- Authorization
- X-Api-Key
- X-Amz-Security-Token
- X-Amz-User-Agent
allowCredentials: true
findOneSpaceConfigById:
handler: handler.findOneSpaceConfigById
events:
- http:
path: spaces_config/{space_id}
method: get
cors:
origin: "*"
headers:
- Content-Type
- X-Amz-Date
- Authorization
- X-Api-Key
- X-Amz-Security-Token
- X-Amz-User-Agent
allowCredentials: true
也尝试使用CORS:TRUE
Handler.js File-
import { Handler, Context, APIGatewayEvent } from "aws-lambda";
import dotenv from "dotenv";
// import middy from "middy";
// import { cors } from "middy/middlewares";
// cross-env NODE_ENV=dev ts-node handler.ts
dotenv.config({
path: `config/.env.${process.env["NODE_ENV"]}`,
});
export * from "./app/connections/mongo";
import { SpacesController } from "./app/controller/spaces";
import { spaces } from "./app/model/spaces";
import { SpacesConfigController } from "./app/controller/spaces_config";
import { spaces_config } from "./app/model/spaces_config";
// Spaces
const spacesController = new SpacesController(spaces);
export const createSpace: Handler = (
event: APIGatewayEvent,
context: Context
) => {
return spacesController.create(event, context);
};
export const findSpace: Handler = () => spacesController.find();
// Spaces Config
const spacesConfigController = new SpacesConfigController(spaces_config);
export const findSpaceConfig: Handler = () => spacesConfigController.find();
export const updateSpaceConfig: Handler = (event: APIGatewayEvent) =>
spacesConfigController.update(event);
export const findOneSpaceConfigById: Handler = (
event: APIGatewayEvent,
context: Context
) => {
return spacesConfigController.findOne(event, context);
};
// export const findOneSpaceConfigById = middy(findOneSpaceConfigByI).use(cors());
在样板中,有一个文件消息。 api typescript/app/utils/message.ts“ rel =” nofollow noreferrer”> https://github.com/serverless/examples/blob/master/aws-node-node-rest-api-typescript/app/message/message.ts.ts )我们可以自定义响应。 Middy不工作后,我尝试手动发送响应标题。
当我使用Middy时,我没有得到任何响应标头。
message.ts-
import { ResponseVO } from "../types/response";
enum StatusCode {
success = 200,
}
class Result {
private statusCode: number;
private code: number;
private message: string;
private data?: any;
constructor(statusCode: number, code: number, message: string, data?: any) {
this.statusCode = statusCode;
this.code = code;
this.message = message;
this.data = data;
}
/**
* Serverless: According to the API Gateway specs, the body content must be stringified
*/
bodyToString() {
return {
headers: {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Credentials": true,
"Content-Type": "application/json",
"Access-Control-Allow-Methods": "GET,PUT,POST,PATCH,OPTIONS",
"Access-Control-Allow-Headers":
"Content-Type, Accept, x-access-token ,Authorization",
},
statusCode: this.statusCode,
body: JSON.stringify({
code: this.code,
message: this.message,
data: this.data,
}),
};
}
}
export class MessageUtil {
static success(data: object): ResponseVO {
const result = new Result(StatusCode.success, 0, "success", data);
return result.bodyToString();
}
static error(code: number = 400, message: string) {
const result = new Result(StatusCode.success, code, message);
console.log(result.bodyToString());
return result.bodyToString();
}
}
依赖项 -
很长一段时间以来一直在问题上。
任何帮助将不胜感激。
谢谢
I am stuck on this basic CORS issue but nothing seems to help.
Tried everything in Serverless CORS Survival Guide(https://www.serverless.com/blog/cors-api-gateway-survival-guide/)
Everything working fine in serverless offline
Here I am getting all the expected response headers for the same
Error In Browser-
Access to fetch at 'https://XXXXXXXXX.execute-api.us-east-1.amazonaws.com/dev/spaces_config/ap1' from origin 'https://XXXXXXXXX.com' has been blocked by CORS policy: Request header field access-control-allow-origin is not allowed by Access-Control-Allow-Headers in preflight response.
My Setup->
I am using this boilerplate-> https://github.com/serverless/examples/aws-node-rest-api-typescript
Serverless.yml-
provider:
name: aws
runtime: nodejs16.x
memorySize: 512
timeout: 30
environment:
NODE_ENV: dev
plugins:
- serverless-plugin-typescript
- serverless-offline
package:
exclude:
- config/.env.stg
- config/.env.pro
include:
- config/.env.dev
functions:
createSpace:
handler: handler.createSpace
events:
- http:
path: spaces
method: post
cors:
origin: "*"
headers:
- Content-Type
- X-Amz-Date
- Authorization
- X-Api-Key
- X-Amz-Security-Token
- X-Amz-User-Agent
allowCredentials: true
findSpace:
handler: handler.findSpace
events:
- http:
path: spaces
method: get
cors:
origin: "*"
headers:
- Content-Type
- X-Amz-Date
- Authorization
- X-Api-Key
- X-Amz-Security-Token
- X-Amz-User-Agent
allowCredentials: true
findSpaceConfig:
handler: handler.findSpaceConfig
events:
- http:
path: spaces_config
method: get
cors:
origin: "*"
headers:
- Content-Type
- X-Amz-Date
- Authorization
- X-Api-Key
- X-Amz-Security-Token
- X-Amz-User-Agent
allowCredentials: true
updateSpaceConfig:
handler: handler.updateSpaceConfig
events:
- http:
path: spaces_config/{space_id}
method: put
cors:
origin: "*"
headers:
- Content-Type
- X-Amz-Date
- Authorization
- X-Api-Key
- X-Amz-Security-Token
- X-Amz-User-Agent
allowCredentials: true
findOneSpaceConfigById:
handler: handler.findOneSpaceConfigById
events:
- http:
path: spaces_config/{space_id}
method: get
cors:
origin: "*"
headers:
- Content-Type
- X-Amz-Date
- Authorization
- X-Api-Key
- X-Amz-Security-Token
- X-Amz-User-Agent
allowCredentials: true
Also tried with cors: true
Handler.js File-
import { Handler, Context, APIGatewayEvent } from "aws-lambda";
import dotenv from "dotenv";
// import middy from "middy";
// import { cors } from "middy/middlewares";
// cross-env NODE_ENV=dev ts-node handler.ts
dotenv.config({
path: `config/.env.${process.env["NODE_ENV"]}`,
});
export * from "./app/connections/mongo";
import { SpacesController } from "./app/controller/spaces";
import { spaces } from "./app/model/spaces";
import { SpacesConfigController } from "./app/controller/spaces_config";
import { spaces_config } from "./app/model/spaces_config";
// Spaces
const spacesController = new SpacesController(spaces);
export const createSpace: Handler = (
event: APIGatewayEvent,
context: Context
) => {
return spacesController.create(event, context);
};
export const findSpace: Handler = () => spacesController.find();
// Spaces Config
const spacesConfigController = new SpacesConfigController(spaces_config);
export const findSpaceConfig: Handler = () => spacesConfigController.find();
export const updateSpaceConfig: Handler = (event: APIGatewayEvent) =>
spacesConfigController.update(event);
export const findOneSpaceConfigById: Handler = (
event: APIGatewayEvent,
context: Context
) => {
return spacesConfigController.findOne(event, context);
};
// export const findOneSpaceConfigById = middy(findOneSpaceConfigByI).use(cors());
In the boilerplate, there is a file message.ts(https://github.com/serverless/examples/blob/master/aws-node-rest-api-typescript/app/utils/message.ts) where we can customize the response.
After middy was not working above, I tried sending response headers manually.
I was not getting any response header when I was using middy.
message.ts-
import { ResponseVO } from "../types/response";
enum StatusCode {
success = 200,
}
class Result {
private statusCode: number;
private code: number;
private message: string;
private data?: any;
constructor(statusCode: number, code: number, message: string, data?: any) {
this.statusCode = statusCode;
this.code = code;
this.message = message;
this.data = data;
}
/**
* Serverless: According to the API Gateway specs, the body content must be stringified
*/
bodyToString() {
return {
headers: {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Credentials": true,
"Content-Type": "application/json",
"Access-Control-Allow-Methods": "GET,PUT,POST,PATCH,OPTIONS",
"Access-Control-Allow-Headers":
"Content-Type, Accept, x-access-token ,Authorization",
},
statusCode: this.statusCode,
body: JSON.stringify({
code: this.code,
message: this.message,
data: this.data,
}),
};
}
}
export class MessageUtil {
static success(data: object): ResponseVO {
const result = new Result(StatusCode.success, 0, "success", data);
return result.bodyToString();
}
static error(code: number = 400, message: string) {
const result = new Result(StatusCode.success, code, message);
console.log(result.bodyToString());
return result.bodyToString();
}
}
Dependencies Used-
Stuck on the problem for a very long time.
Any help will be appreciated.
Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
此问题很可能发生,因为浏览器的JavaScript正在发送无允许列表中未允许的列表中的标题。您可能不需要发送这些标头,因为从浏览器中发送它们不能帮助解决CORS并可能使其复杂化。我建议除了内容类型之外,从您的消息中删除所有标题,然后重试。
This issue is likely occurring because the JavaScript for the browser is sending headers that are not in the allowed list in your serverless.yml. You probably do not need to send those headers either as sending them from the browser doesn't assist in resolving CORS and may complicate it. I would recommend removing all headers from your message.ts except Content-type and trying again.