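WSO2 APIM returns "Invalid CORS request" on PUT requests

Time: 2019-06-27 04:52:29

Tags: wso2 wso2-am

An "Invalid CORS request" response is observed on PUT requests only when the Origin header is present. It works fine on all other verbs, e.g. GET.

CORS has been enabled using the wiki: Enabling CORS for APIs, and at the API level: /usr/lib64/wso2/wso2am/2.6.0/repository/deployment/server/synapse-configs/default/api/admin--Restricted_v1.0.0.xml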

PUT API: curl -v 'https://api.mycompany.com/restricted/1.0.0/A/ba56bf80-9678-11e9-8508-0242ac110003' -XPUT -H 'Accept: application/json, text/plain, */*' -H 'Referer : http://local.mycompany.com:4200/B/' -H 'Origin : http://local.mycompany.com:4200' -H "Authorization : Bearer <WSO2_ACCESS_TOKEN>" -H "MYCOMPANY_AUTH : <CUSTOM_AUTH_TOKEN>" -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36' -H 'Content-Type: text/plain' --data-binary '{"ruleId":"ba56bf80-9678-11e9-8508-0242ac110003","created":"2019-06-24T15:43:53.289Z","context":"TM","version":3,"name":"e2e-testing-rule","author":"System Admin","description":"some description","expression":"a>b","category":"ABC","score":"121","labels":["1","2","3"]}' --compressed

Response: Invalid CORS request

Response headers:

* We are completely uploaded and fine
< HTTP/2 403 
< date: Thu, 27 Jun 2019 04:43:34 GMT
< content-type: application/octet-stream
< x-frame-options: DENY
< cache-control: no-cache, no-store, max-age=0, must-revalidate
< access-control-allow-origin: *
< access-control-allow-methods: PUT
< x-content-type-options: nosniff
< vary: Access-Control-Request-Headers
< vary: Access-Control-Request-Method
< vary: Origin
< expires: 0
< pragma: no-cache
< x-xss-protection: 1; mode=block
< access-control-allow-headers: authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction,mycompany_auth,Accept-Encoding,Host,Content-Length,accept,referer,origin,user-agent,content-type

GET API:

curl -v -H "accept: */*" -H "Authorization : Bearer <WSO2_ACCESS_TOKEN>" -H "MYCOMPANY_AUTH : <CUSTOM_AUTH_TOKEN>" -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36' -H 'Content-Type: text/plain' https://api.mycompany.com/restricted/1.0.0/A/ba56bf80-9678-11e9-8508-0242ac110003 | jq .

Response: valid JSON response

Response headers:

* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200 
< date: Thu, 27 Jun 2019 04:38:50 GMT
< content-type: application/hal+json;charset=UTF-8
< x-frame-options: DENY
< cache-control: no-cache, no-store, max-age=0, must-revalidate
< access-control-allow-origin: *
< access-control-allow-methods: GET
< x-content-type-options: nosniff
< vary: Access-Control-Request-Headers
< vary: Access-Control-Request-Method
< vary: Origin
< expires: 0
< pragma: no-cache
< x-xss-protection: 1; mode=block
< access-control-allow-headers: authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction,mycompany_auth,Accept-Encoding,Host,Content-Length,accept,referer,origin,user-agent,content-type

Since the GET call works fine, it is not clear what is being missed in the PUT call! Any pointers?

0 answers:

No answers