Google's API explorer does not work for my Google deployment when I am not logged in

Time: 2018-09-18 20:00:07

Tags: java google-cloud-endpoints

I have a Google project credible-nation-130012 to which I deployed an app written in Java. It uses the AppEngine standard environment. The only content is a Google endpoint. You can see the sources at GitHub: https://github.com/mhdirkse/least-common-multiplier .

While not logged in with Google, I wanted to test my deployment. To do this, I visited https://credible-nation-130012.appspot.com/_ah/api/explorer using Firefox. My API did not appear. I pressed F12 for developer information and saw the following errors:

https://apis-explorer.appspot.com/apis-explorer/?base=https://credible-nation-130012.appspot.com/_ah/api#p/

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://accounts.google.com/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttps://credible-nation-130012.appspot.com/_ah/api/discovery/v1/apis. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).[Learn More]

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://accounts.google.com/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttps://credible-nation-130012.appspot.com/_ah/api/discovery/v1/apis. (Reason: CORS request did not succeed).[Learn More]

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://accounts.google.com/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttps://credible-nation-130012.appspot.com/_ah/api/discovery/v1/apis. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).[Learn More]

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://accounts.google.com/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttps://credible-nation-130012.appspot.com/_ah/api/discovery/v1/apis. (Reason: CORS request did not succeed).[Learn More]

Then I closed the tab and visited console.cloud.google.com to log in. After this my API appeared at https://credible-nation-130012.appspot.com/_ah/api/explorer and it worked.

I guess that the API explorer cannot properly access https://accounts.google.com. It expects to get back a header Access-Control-Allow-Origin but that is not present. Does this have anything to do with my application, or is it a bug in the API explorer? Or is this behavior intended by Google? Any help is welcome.

With kind regards,

Martijn Dirkse

By the way: I am demonstrating this project for a job application. If I get help on this question, I will make this clear on GitHub and in communication with possible employers.

2 answers:

Answer 0 (score: 1)

The issue is likely in your web.xml. You have set an admin auth constraint for all URLs, and API Explorer needs to access a certain URL path /_ah/api/discovery/v1/apis (and paths under it) to work. Remove the constraint or loosen it to exclude /_ah/api.

Answer 1 (score: 0)

I had a security constraint in my web.xml that looked like this:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>all</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

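I think that was the mistake. It says that the URL credible-nation-130012.appspot.com/_ah/api/explorer requires the "admin" role. But a remote application that accesses the endpoint API is not an admin. Putting such a security constraint in place seems to be nonsense.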

Restricting access to my API is also not that important. This is a toy project that I want to demonstrate.

I have seen that it takes a while for logging out to take effect. Tomorrow I will check whether my application behaves as expected.

I do not need help anymore.
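The loosening suggested in answer 0, applied to the constraint shown in answer 1, as an added example that is not code from either poster or from the project. It assumes App Engine selects constraints by the servlet specification's best-match rule for url-patterns; the second constraint on /_ah/api/* and the function names are hypothetical, and HTTP-method-specific constraints are not modelled.

```python
import xml.etree.ElementTree as ET

# Constructed input: the constraint from the answer above, and a hypothetical
# variant with a second constraint that opens /_ah/api/* (HTTPS only, no role).
ORIGINAL = """<web-app><security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>admin</role-name></auth-constraint>
</security-constraint></web-app>"""
LOOSENED = ORIGINAL.replace("</web-app>", """<security-constraint>
  <web-resource-collection><url-pattern>/_ah/api/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint></web-app>""")

def _named(root, name):
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def load_constraints(web_xml):
    """Map each url-pattern to one entry per constraint: role set, or None if no auth-constraint."""
    table = {}
    for sc in _named(ET.fromstring(web_xml), "security-constraint"):
        roles = None
        if _named(sc, "auth-constraint"):
            roles = {e.text.strip() for e in _named(sc, "role-name")}
        for pattern in _named(sc, "url-pattern"):
            table.setdefault(pattern.text.strip(), []).append(roles)
    return table

def _rank(pattern, path):
    # Servlet matching order: exact, longest path prefix, extension, default.
    if pattern == path:
        return (3, len(pattern))
    if pattern.endswith("/*") and (path == pattern[:-2] or path.startswith(pattern[:-1])):
        return (2, len(pattern))
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return (1, 0)
    return (0, 0) if pattern == "/" else None

def required_roles(web_xml, path):
    """None: no login needed; otherwise the permitted roles (empty set: denied to all)."""
    table = load_constraints(web_xml)
    ranked = [(rank, p) for p in table if (rank := _rank(p, path)) is not None]
    if not ranked:
        return None
    entries = table[max(ranked)[1]]  # only the best-matching pattern applies
    if any(roles == set() for roles in entries):
        return set()  # an auth-constraint naming no roles overrides everything
    if any(roles is None for roles in entries):
        return None  # a constraint without auth-constraint permits everyone
    return set().union(*entries)
```

With the original file the discovery path resolves to the admin role, which is why an anonymous browser is redirected to the Google login page; with the extra constraint only paths outside /_ah/api still require admin.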
