如何通过CORS从浏览器调用安全的OpenWhisk(IBM Cloud Functions)Web操作?

时间:2018-10-30 00:55:23

标签: javascript cors ibm-cloud openwhisk ibm-cloud-functions

我正在尝试通过CORS从浏览器(JavaScript)调用受-a require-whisk-auth my-secret注解保护的Cloud Functions网络操作。

我创建了一个网络操作并保护了该操作 (请参阅https://console.bluemix.net/docs/openwhisk/openwhisk_webactions.html#securing-web-actions),但是使用JavaScript提取调用操作将返回401未经授权状态代码。

我的JavaScript代码:

var myHeader = new Headers();
myHeader.append('X-Require-Whisk-Auth', 'my-secret');
fetch('https://openwhisk.ng.bluemix.net/api/v1/web/{CLOUD FOUNDRY ORG}_{CLOUD FOUNDRY SPACE}/default/action.json',{
    headers: myHeader,
}).then(function(response) {
    var res = response.text();
    res.then(function(res) {
    var json = JSON.parse(res);
    var token = json.token;
    console.log(token);
    }).catch(function(error) {
        console.log(error);
    });
}).catch(function(error) {
    console.log(error);
});

控制台(Chrome)错误为:

OPTIONS https://openwhisk.ng.bluemix.net/api/v1/web/{CLOUD FOUNDRY ORG}_{CLOUD FOUNDRY SPACE}/default/action.json 401 (Unauthorized)
Access to fetch at 'https://openwhisk.ng.bluemix.net/api/v1/web/{CLOUD FOUNDRY ORG}_{CLOUD FOUNDRY SPACE}/default/action.json' from origin 'null' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

我还尝试添加web-custom-options注释-ibmcloud fn action update /{CLOUD FOUNDRY ORG}_{CLOUD FOUNDRY SPACE}/action --web true -a require-whisk-auth my-secret -a web-custom-options true-创建对OPTIONS请求的自定义响应,但这是行不通的。

这是我的动作(action.js):

function main(params) {
    if (params.__ow_method == "options") {
        return {
            headers: {
                'Access-Control-Allow-Methods': 'OPTIONS, GET',
                'Access-Control-Allow-Origin': 'http://127.0.0.1:8080',
                'Access-Control-Allow-Credentials': 'true',
                'Access-Control-Allow-Headers': 'X-Require-Whisk-Auth, Content-Type, authorization'
            },
            statusCode: 200
        }
    }else{
        return {
            headers: {
                'Access-Control-Allow-Methods': 'OPTIONS, GET',
                'Access-Control-Allow-Origin': 'http://127.0.0.1:8080',
                'Access-Control-Allow-Credentials': 'true',
                'Access-Control-Allow-Headers': 'X-Require-Whisk-Auth, Content-Type, authorization',
                'Content-Type': 'application/json'
            },
            body: {'token': token},
            statusCode: 200
        }
    }
}

如何通过带有自定义标头'X-Require-Whisk-Auth'的CORS调用安全的Web操作?(启用了require-whisk-auth批注后,我必须附加标头'X-Require-Whisk-Auth'。)< / p>

0 个答案:

没有答案
相关问题
最新问题