我被Apigee的CORS支持所困扰。我设置了一个新的代理,并确保勾选“为您的API启用直接浏览器访问 - 允许通过CORS从浏览器直接请求”。框。
似乎CORS正在为正常的GET请求工作,但是找不到飞行前的OPTIONS请求并返回404.我发现这个answer但是无法解决我的问题,因为它看起来像也许是一个不同的问题?
我想回答的主要问题是如何为所有请求设置Access-Control-Allow-Origin = *?甚至OPTIONS请求?
代理端点
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ProxyEndpoint name="default">
<Description/>
<Flows>
<Flow name="Forecast">
<Description/>
<Request/>
<Response/>
<Condition>(proxy.pathsuffix MatchesPath "/forecast") and (request.verb = "GET")</Condition>
</Flow>
</Flows>
<PreFlow name="PreFlow">
<Request/>
<Response/>
</PreFlow>
<HTTPProxyConnection>
<BasePath>/v1/weather</BasePath>
<VirtualHost>default</VirtualHost>
<VirtualHost>secure</VirtualHost>
</HTTPProxyConnection>
<RouteRule name="default">
<TargetEndpoint>default</TargetEndpoint>
</RouteRule>
<PostFlow name="PostFlow">
<Request/>
<Response/>
</PostFlow>
</ProxyEndpoint>
目标端点
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TargetEndpoint name="default">
<Description/>
<Flows>
<Flow name="OptionsCORS">
<Description/>
<Request/>
<Response>
<Step>
<Name>CrossOriginResourceSharing</Name>
</Step>
</Response>
<Condition>request.verb equals "OPTIONS"</Condition>
</Flow>
</Flows>
<PreFlow name="PreFlow">
<Request/>
<Response>
<Step>
<Name>CrossOriginResourceSharing</Name>
</Step>
</Response>
</PreFlow>
<HTTPTargetConnection>
<URL>https://home.nest.com/api/0.1/weather</URL>
</HTTPTargetConnection>
<PostFlow name="PostFlow">
<Request/>
<Response/>
</PostFlow>
</TargetEndpoint>
添加CORS文件
<AssignMessage async="false" continueOnError="false" enabled="true" name="CrossOriginResourceSharing">
<DisplayName>Add CORS</DisplayName>
<FaultRules/>
<Properties/>
<Add>
<Headers>
<Header name="Access-Control-Allow-Origin">*</Header>
<Header name="Access-Control-Allow-Headers">origin, x-requested-with, accept</Header>
<Header name="Access-Control-Max-Age">3628800</Header>
<Header name="Access-Control-Allow-Methods">GET, PUT, POST, DELETE, OPTIONS</Header>
</Headers>
</Add>
<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
<AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>
以防万一有帮助 - 以下是我在处理请求时遇到的错误。我正在使用Chrome并拥有一个AngularJS应用。我也能够使用cURL语句复制该问题 (curl -H“Origin:localhost”--verbose http://*********-prod.apigee.net/v1/weather/forecast/12345 -X OPTIONS)
{
"url": "/api/0.1/weather/forecast/73013",
"message": "404 Not Found"
}
谢谢!
答案 0 :(得分:2)
在您的proxy.xml中添加一个特定于OPTIONS
的流程<Flow name="OPTIONS">
<Description>This flow is for client side applications</Description>
<Response>
<Step>
<Name>CORSResponse</Name>
</Step>
</Response>
<Condition>(request.verb = "OPTIONS")</Condition>
<Request/>
</Flow>
现在CORSResponse.xml政策可以如下所示
<AssignMessage name="CORSResponse">
<AssignTo type="response" createNew="true" />
<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
<Set>
<Headers>
<Header name="Access-Control-Allow-Origin">yourdomain.com</Header>
<Header name="Access-Control-Allow-Headers">origin, x-requested-with, x-source-ip, Accept, Authorization, User-Agent, Host, Accept-Language, Location, Referer</Header>
<Header name="Access-Control-Allow-Methods">GET, POST</Header>
</Headers>
<StatusCode>200</StatusCode>
</Set>
</AssignMessage>
答案 1 :(得分:0)
解决方案是添加一个RouteRule,阻止请求在OPTIONS请求中传递给我的API。
<RouteRule name="NoRoute">
<Condition>request.verb == "OPTIONS"</Condition>
</RouteRule>
此外,我添加了一个为响应添加CORS支持的流程
<Flow name="OptionsPreFlight">
<Request/>
<Response>
<Step>
<Name>Add-CORS</Name>
</Step>
</Response>
<Condition>request.verb == "OPTIONS"</Condition>
</Flow>
我的最终Add-CORS政策
<AssignMessage async="false" continueOnError="false" enabled="true" name="Add-CORS">
<DisplayName>Add CORS</DisplayName>
<FaultRules/>
<Properties/>
<Add>
<Headers>
<Header name="Access-Control-Allow-Origin">*</Header>
<Header name="Access-Control-Allow-Headers">origin, x-requested-with, accept</Header>
<Header name="Access-Control-Max-Age">3628800</Header>
<Header name="Access-Control-Allow-Methods">GET, PUT, POST, DELETE</Header>
</Headers>
</Add>
<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
<AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>