我正在尝试通过CORS从浏览器(JavaScript)调用受-a require-whisk-auth my-secret
注解保护的Cloud Functions网络操作。
我创建了一个网络操作并保护了该操作 (请参阅https://console.bluemix.net/docs/openwhisk/openwhisk_webactions.html#securing-web-actions),但是使用JavaScript提取调用操作将返回401未经授权状态代码。
我的JavaScript代码:
var myHeader = new Headers();
myHeader.append('X-Require-Whisk-Auth', 'my-secret');
fetch('https://openwhisk.ng.bluemix.net/api/v1/web/{CLOUD FOUNDRY ORG}_{CLOUD FOUNDRY SPACE}/default/action.json',{
headers: myHeader,
}).then(function(response) {
var res = response.text();
res.then(function(res) {
var json = JSON.parse(res);
var token = json.token;
console.log(token);
}).catch(function(error) {
console.log(error);
});
}).catch(function(error) {
console.log(error);
});
控制台(Chrome)错误为:
OPTIONS https://openwhisk.ng.bluemix.net/api/v1/web/{CLOUD FOUNDRY ORG}_{CLOUD FOUNDRY SPACE}/default/action.json 401 (Unauthorized)
Access to fetch at 'https://openwhisk.ng.bluemix.net/api/v1/web/{CLOUD FOUNDRY ORG}_{CLOUD FOUNDRY SPACE}/default/action.json' from origin 'null' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
我还尝试添加web-custom-options
注释-ibmcloud fn action update /{CLOUD FOUNDRY ORG}_{CLOUD FOUNDRY SPACE}/action --web true -a require-whisk-auth my-secret -a web-custom-options true
-创建对OPTIONS请求的自定义响应,但这是行不通的。
这是我的动作(action.js):
function main(params) {
if (params.__ow_method == "options") {
return {
headers: {
'Access-Control-Allow-Methods': 'OPTIONS, GET',
'Access-Control-Allow-Origin': 'http://127.0.0.1:8080',
'Access-Control-Allow-Credentials': 'true',
'Access-Control-Allow-Headers': 'X-Require-Whisk-Auth, Content-Type, authorization'
},
statusCode: 200
}
}else{
return {
headers: {
'Access-Control-Allow-Methods': 'OPTIONS, GET',
'Access-Control-Allow-Origin': 'http://127.0.0.1:8080',
'Access-Control-Allow-Credentials': 'true',
'Access-Control-Allow-Headers': 'X-Require-Whisk-Auth, Content-Type, authorization',
'Content-Type': 'application/json'
},
body: {'token': token},
statusCode: 200
}
}
}
如何通过带有自定义标头'X-Require-Whisk-Auth'的CORS调用安全的Web操作?(启用了require-whisk-auth批注后,我必须附加标头'X-Require-Whisk-Auth'。)< / p>