在我的应用引擎实例前实现 api 网关后,我遇到一个问题,指出请求因 CORS 标头而被阻止。在网上搜索后,我发现 API 网关没有提供设置 CORS 策略的方法,但是它也“覆盖”了我的单个后端应用程序发送的标头。我需要实现负载均衡器来设置额外的 Header 还是有办法避免覆盖?
API 示例:
paths:
"/login":
post:
description: "Login into the service"
operationId: "login"
x-google-backend:
address: https://project-id.oa.r.appspot.com/api/v1/login
produces:
- "application/json"
responses:
200:
description: "Projects retrieved successfully"
schema:
$ref: "#/definitions/access_token"
401:
description: "Wrong password"
schema:
type: "string"
404:
description: "User not exists"
schema:
type: "string"
parameters:
- in: body
name: user
description: The user to create.
schema:
type: object
required:
- userName
properties:
userName:
type: string
firstName:
type: string
lastName:
type: string
答案 0 :(得分:0)
经过大量试验,我找到了一个比在网关前实现负载均衡器更简单的解决方案:
要使用后端应用程序提供的 CORS 标头,只需向 API 添加 OPTIONS 请求以避免标头被覆盖。因此,鉴于登录 API,我只需要添加如下请求:
paths:
"/login":
post:
description: "Login into the service"
operationId: "login"
x-google-backend:
address: https://project-id.oa.r.appspot.com/api/v1/login
produces:
- "application/json"
responses:
200:
description: "Projects retrieved successfully"
schema:
$ref: "#/definitions/access_token"
401:
description: "Wrong password"
schema:
type: "string"
404:
description: "User not exists"
schema:
type: "string"
parameters:
- in: body
name: user
description: The user to create.
schema:
type: object
required:
- userName
properties:
userName:
type: string
firstName:
type: string
lastName:
type: string
options:
description: "Cors associated request to login"
operationId: "login cors"
x-google-backend:
address: https://project-id.oa.r.appspot.com/api/v1/login
responses:
200:
description: "Allow"
401:
description: "Cors not allowed"