因此,我正在使用AWS API Gateway,并为资源设置了CORS,但仍被阻止。当我使用Axios通过Vue应用程序进行调用时,一切似乎都为预检OPTIONS调用正确设置了,但仍然抛出“在请求的资源上没有'Access-Control-Allow-Origin'标头”错误。
对于AWS API网关的OPTIONS和GET方法,Access-Control-Allow-Origin都设置为*。我想念什么吗?
这是OPTIONS请求/响应:
Request URL: https://<url-removed-for-security>/dashboard-overview
Request Method: OPTIONS
Status Code: 200
Remote Address: <IP removed>
Referrer Policy: no-referrer-when-downgrade
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods: GET,OPTIONS
access-control-allow-origin: *
content-length: 0
content-type: application/json
date: Mon, 13 May 2019 22:39:43 GMT
status: 200
x-amz-apigw-id: ZpLHdES-CYcFncQ=
x-amzn-requestid: 00b54e20-75d0-11e9-a7e5-4fb1ca2bc174
Provisional headers are shown
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Origin: http://localhost:8080
Referer: http://localhost:8080/dashboard
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36
这是GET请求:
Request URL: https://<url-removed-for-security>/dashboard-overview
Request Method: GET
Status Code: 403
Remote Address: <IP REMOVED>
Referrer Policy: no-referrer-when-downgrade
Provisional headers are shown
Accept: application/json, text/plain, */*
Authorization: Appsec <TOKEN-STRING>
Origin: http://localhost:8080
Referer: http://localhost:8080/dashboard
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36