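HAProxy CORS: No 'Access-Control-Allow-Origin' header is present on the requested resource

Time: 2019-10-16 21:58:42

Tags: cors haproxy

I want to configure haproxy to handle CORS, so that responses to calls return the following: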

<Header name="Access-Control-Allow-Origin">*</Header>
<Header name="Access-Control-Allow-Headers">Origin, X-Requested-With, Content-Type, Accept, Authorization, JSNLog-RequestId, activityId, applicationId, applicationUserId, channelId, senderId, sessionId</Header>
<Header name="Access-Control-Max-Age">3628800</Header>
<Header name="Access-Control-Allow-Methods">GET, DELETE, OPTIONS, POST, PUT</Header>

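But instead, I get "No 'Access-Control-Allow-Origin' header is present on the requested resource". Note that I am using haproxy 1.7.9 and cannot compile it with Lua.

I have reviewed https://www.haproxy.com/blog/enabling-cors-in-haproxy/, but I cannot recompile with Lua.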

HAProxy CORS OPTIONS header intercept setup

global
  log 127.0.0.1   local0
  log-send-hostname

  chroot /etc/haproxy
  pidfile /var/run/haproxy.pid
  maxconn 40000
  user haproxy
  group haproxy

  daemon
  nbproc 2
  tune.ssl.cachesize 100000
  tune.ssl.default-dh-param 2048

defaults
  log     global
  log-format  %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %U\ %CC\ \ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hrl\ %hs\ %{+Q}r
  mode    http
  retries 3
  timeout check 60s
  timeout client 1m
  timeout client-fin 10s
  timeout connect 10s
  timeout http-keep-alive 60s
  timeout http-request 60s
  timeout queue 1m
  timeout server 1m
  timeout server-fin 10s
  option dontlognull
  option forceclose
  option forwardfor
  option http-server-close
  balance  roundrobin

# Set up application listeners here.
resolvers dns
  nameserver            dns1 XXXXXXXXXXXXXXXXXXXXXXXXXX
  resolve_retries       3
  timeout retry         1s
  hold valid            10s

frontend http_frontend
  mode http
  bind XXXXXXXXXXXXXXXXXXX:80 accept-proxy

  capture request header Authorization len 64
  .
  .
  default_backend dead_end

frontend https_frontend
  mode http
  bind XXXXXXXXXXXXXXXX:443 accept-proxy ssl crt /etc/haproxy/crt/ ssl verify optional ca-file /etc/haproxy/ca-file/ca-haproxy-stage.crt ciphers ECDHE-RSA-AES256-SHA:!RC4-SHA:!RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM no-sslv3

  capture request header Host len 64
  capture request header Authorization len 128
  .
  .
  capture request header Content-Length len 64
  capture request header Content-Type len 64


# BEGIN CORS

  capture request header origin len 128

  http-response add-header Access-Control-Allow-Origin %[capture.req.hdr(0)] if { capture.req.hdr(0) -m found }
  rspadd Access-Control-Allow-Headers:\ Origin,\ X-Requested-With,\ Content-Type,\ Accept,\ Authorization,\ JSNLog-RequestId,\ activityId,\ applicationId,\ applicationUserId,\ channelId,\ senderId,\ sessionId  if { capture.req.hdr(0) -m found }
  rspadd Access-Control-Max-Age:\ 3628800 if { capture.req.hdr(0) -m found } 
  rspadd Access-Control-Allow-Credentials:\ true  if { capture.req.hdr(0) -m found }
  rspadd Access-Control-Allow-Methods:\ GET,\ DELETE,\ OPTIONS,\ POST,\ PUT  if { capture.req.hdr(0) -m found }

 # END CORS

  use_backend bkservice


backend bkservice
  mode http

  option tcp-check
  option log-health-checks
  tcp-check connect port 80
  tcp-check send GET\ /hap_health HTTP/1.0\r\n
  tcp-check send \r\n
  tcp-check expect rstring HTTP/1.0\ 200\ OK
  server BK_SERVICE myservice.stage.com:443 ssl verify none sni str(myservice.stage.com) check resolvers dns

backend dead_end
  mode http
  server de 127.0.0.1:9001

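Access to XMLHttpRequest at 'https://myservice.stage.com/endpoint' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

1 Answer:

Answer 0: (score: 0)

If you want to allow everything, you can remove the CORS block in your configuration and set the required headers for every response: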

frontend https_frontend
    ...
    # BEGIN CORS
    http-response set-header Access-Control-Allow-Origin "*"
    http-response set-header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization, JSNLog-RequestId, activityId, applicationId, applicationUserId, channelId, senderId, sessionId"
    http-response set-header Access-Control-Max-Age 3628800
    http-response set-header Access-Control-Allow-Methods "GET, DELETE, OPTIONS, POST, PUT"
    # END CORS

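But you should make sure that a wildcard is acceptable for your service. If it is not, then finding a way to use HAProxy compiled with Lua support may make sense.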
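
An allowlist variant of the block in the answer above, as an added example that is not part of the original answer and has not been tested against the asker's setup. It uses only `set-var`, `acl` and `http-response set-header`, none of which need Lua. The origins listed are constructed placeholders, `txn.origin` and `cors_allowed` are names chosen here, and it assumes the backend itself answers the OPTIONS preflight.

```haproxy
frontend https_frontend
    # ... bind, capture and use_backend lines as in the question ...

    # Store the request's Origin header in a transaction variable so that
    # response rules can read it (request headers are not available when
    # http-response rules run), independent of the order of capture lines.
    http-request set-var(txn.origin) req.hdr(Origin)

    # Constructed allowlist: list only the origins that may call this service.
    acl cors_allowed var(txn.origin) -m str https://app.example.com http://localhost:4200

    # Echo the origin back only when it is on the allowlist. Any other origin
    # gets no Access-Control-Allow-Origin header and is blocked by the browser.
    http-response set-header Access-Control-Allow-Origin %[var(txn.origin)] if cors_allowed

    # Needed only when the client sends cookies or HTTP authentication.
    # Browsers reject credentialed requests when the allowed origin is "*",
    # so this header belongs with an echoed, allowlisted origin.
    http-response set-header Access-Control-Allow-Credentials true if cors_allowed

    http-response set-header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization, JSNLog-RequestId, activityId, applicationId, applicationUserId, channelId, senderId, sessionId" if cors_allowed
    http-response set-header Access-Control-Allow-Methods "GET, DELETE, OPTIONS, POST, PUT" if cors_allowed
    http-response set-header Access-Control-Max-Age 3628800 if cors_allowed

    # The response now varies with the request's Origin, so caches must key on it.
    http-response add-header Vary Origin
```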