Apigee OPTIONS 404

时间:2014-01-14 02:07:52

标签: cross-domain cors apigee

我被Apigee的CORS支持所困扰。我设置了一个新的代理,并确保勾选“为您的API启用直接浏览器访问 - 允许通过CORS从浏览器直接请求”。框。

似乎CORS正在为正常的GET请求工作,但是找不到飞行前的OPTIONS请求并返回404.我发现这个answer但是无法解决我的问题,因为它看起来像也许是一个不同的问题?

我想回答的主要问题是如何为所有请求设置Access-Control-Allow-Origin = *?甚至OPTIONS请求?

代理端点

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ProxyEndpoint name="default">
    <Description/>
    <Flows>
        <Flow name="Forecast">
            <Description/>
            <Request/>
            <Response/>
            <Condition>(proxy.pathsuffix MatchesPath &quot;/forecast&quot;) and (request.verb = &quot;GET&quot;)</Condition>
        </Flow>
    </Flows>
    <PreFlow name="PreFlow">
        <Request/>
        <Response/>
    </PreFlow>
    <HTTPProxyConnection>
        <BasePath>/v1/weather</BasePath>
        <VirtualHost>default</VirtualHost>
        <VirtualHost>secure</VirtualHost>
    </HTTPProxyConnection>
    <RouteRule name="default">
        <TargetEndpoint>default</TargetEndpoint>
    </RouteRule>
    <PostFlow name="PostFlow">
        <Request/>
        <Response/>
    </PostFlow>
</ProxyEndpoint>

目标端点

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TargetEndpoint name="default">
    <Description/>
    <Flows>
        <Flow name="OptionsCORS">
            <Description/>
            <Request/>
            <Response>
                <Step>
                    <Name>CrossOriginResourceSharing</Name>
                </Step>
            </Response>
            <Condition>request.verb equals "OPTIONS"</Condition>
        </Flow>
    </Flows>
    <PreFlow name="PreFlow">
        <Request/>
        <Response>
            <Step>
                <Name>CrossOriginResourceSharing</Name>
            </Step>
        </Response>
    </PreFlow>
    <HTTPTargetConnection>
        <URL>https://home.nest.com/api/0.1/weather</URL>
    </HTTPTargetConnection>
    <PostFlow name="PostFlow">
        <Request/>
        <Response/>
    </PostFlow>
</TargetEndpoint>

添加CORS文件

<AssignMessage async="false" continueOnError="false" enabled="true" name="CrossOriginResourceSharing">
    <DisplayName>Add CORS</DisplayName>
    <FaultRules/>
    <Properties/>
    <Add>
        <Headers>
            <Header name="Access-Control-Allow-Origin">*</Header>
            <Header name="Access-Control-Allow-Headers">origin, x-requested-with, accept</Header>
            <Header name="Access-Control-Max-Age">3628800</Header>
            <Header name="Access-Control-Allow-Methods">GET, PUT, POST, DELETE, OPTIONS</Header>
        </Headers>
    </Add>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>

以防万一有帮助 - 以下是我在处理请求时遇到的错误。我正在使用Chrome并拥有一个AngularJS应用。我也能够使用cURL语句复制该问题 (curl -H“Origin:localhost”--verbose http://*********-prod.apigee.net/v1/weather/forecast/12345 -X OPTIONS)

{
    "url": "/api/0.1/weather/forecast/73013",
    "message": "404 Not Found"
}

谢谢!

2 个答案:

答案 0 :(得分:2)

在您的proxy.xml中添加一个特定于OPTIONS

的流程
<Flow name="OPTIONS">
   <Description>This flow is for client side applications</Description>
      <Response>
         <Step>
            <Name>CORSResponse</Name>
         </Step>
      </Response>
   <Condition>(request.verb = &quot;OPTIONS&quot;)</Condition>
   <Request/>
</Flow>

现在CORSResponse.xml政策可以如下所示

<AssignMessage name="CORSResponse">
    <AssignTo type="response" createNew="true" />
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>

    <Set>
        <Headers>
            <Header name="Access-Control-Allow-Origin">yourdomain.com</Header>
            <Header name="Access-Control-Allow-Headers">origin, x-requested-with, x-source-ip, Accept, Authorization, User-Agent, Host, Accept-Language, Location, Referer</Header>
            <Header name="Access-Control-Allow-Methods">GET, POST</Header>
        </Headers>
        <StatusCode>200</StatusCode>
    </Set>

</AssignMessage>

答案 1 :(得分:0)

解决方案是添加一个RouteRule,阻止请求在OPTIONS请求中传递给我的API。

<RouteRule name="NoRoute">
    <Condition>request.verb == "OPTIONS"</Condition>
</RouteRule>

此外,我添加了一个为响应添加CORS支持的流程

<Flow name="OptionsPreFlight">
    <Request/>
        <Response>
            <Step>
                <Name>Add-CORS</Name>
            </Step>
        </Response>
    <Condition>request.verb == "OPTIONS"</Condition>
</Flow>

我的最终Add-CORS政策

<AssignMessage async="false" continueOnError="false" enabled="true" name="Add-CORS">
    <DisplayName>Add CORS</DisplayName>
    <FaultRules/>
    <Properties/>
    <Add>
        <Headers>
            <Header name="Access-Control-Allow-Origin">*</Header>
            <Header name="Access-Control-Allow-Headers">origin, x-requested-with, accept</Header>
            <Header name="Access-Control-Max-Age">3628800</Header>
            <Header name="Access-Control-Allow-Methods">GET, PUT, POST, DELETE</Header>
        </Headers>
    </Add>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>