Angular SPA與API網關中的任何access-control-allow-methods不一致

[英]Angular SPA inconsistent with ANY access-control-allow-methods from API Gateway


We're currently using a Serverless deployment model for our API, with a NodeJS express code base. All was well until we ran into a hard limit for the CloudFormation stacks created by serverless which have a created resource limit of 200.

我們目前正在為我們的API使用無服務器部署模型,具有NodeJS快速代碼庫。一切順利,直到我們遇到無服務器創建的CloudFormation堆棧的硬限制,其創建的資源限制為200。

Trying to work around this while the Serverless team is working on nested stack integration was to replace GET,PUT,POST,DELETE for a single route with ANY which saved us roughly 75% in CloudFormation resources.

在無服務器團隊正在進行嵌套堆棧集成的同時,嘗試解決這個問題的方法是使用ANY替換單個路由的GET,PUT,POST,DELETE,這在CloudFormation資源中節省了大約75%。

API Gateway seemed to take it well, the integration response for the OPTIONS route returned Access-Control-Allow-Methods: 'OPTIONS,ANY'.

API Gateway似乎很好,OPTIONS路由的集成響應返回了Access-Control-Allow-Methods:'OPTIONS,ANY'。

Testing this with postman worked like a charm, being able to use all previously mentioned methods without a hitch.

使用郵遞員進行測試就像一個魅力,能夠毫不費力地使用前面提到的所有方法。

Exercising this from our Angular front-end doesn't seem to work though.

從我們的Angular前端執行此操作似乎並不起作用。

XMLHttpRequest cannot load . Method PUT is not allowed by Access-Control-Allow-Methods in preflight response.

XMLHttpRequest無法加載。在預檢響應中,Access-Control-Allow-Methods不允許使用方法PUT。

In Angular's eyes, POST, PUT, DELETE, ... don't match up to ANY whereas for postman it does.

在Angular的眼中,POST,PUT,DELETE,......與任何人都不匹配,而對於郵遞員而言,它確實如此。

Any input why this might be occurring will be greatly appreciated.

任何可能發生這種情況的輸入將不勝感激。

UPDATE

A POST request works through the Angular application, just the PUT and DELETE requests throw the 'not allowed by Access-Control-Allow-Methods' error.

POST請求通過Angular應用程序工作,只有PUT和DELETE請求拋出'Access-Control-Allow-Methods'不允許的錯誤。

2 个解决方案

#1


0  

The integration response for the OPTIONS route returned Access-Control-Allow-Methods: 'OPTIONS,ANY'.

OPTIONS路由的集成響應返回了Access-Control-Allow-Methods:'OPTIONS,ANY'。

If you are enabling CORS by creating OPTIONS resource via CloudFormation template, then you should make 'Access-Control-Allow-Methods' header to return 'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT' instead of 'OPTIONS,ANY'. (This is how API Gateway console would do if you enable CORS from console). That should fix it.

如果您通過CloudFormation模板創建OPTIONS資源來啟用CORS,那么您應該使'Access-Control-Allow-Methods'標題返回'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'而不是'OPTIONS,ANY ”。 (如果從控制台啟用CORS,這就是API Gateway控制台的功能)。那應該解決它。

#2


0  

Updating Serverless to a version higher than 1.10.0 fixed it. They've fixed this bug in this issue.

將無服務器更新到高於1.10.0的版本修復它。他們已經解決了這個問題。


注意!

本站翻译的文章,版权归属于本站,未经许可禁止转摘,转摘请注明本文地址:https://www.itdaan.com/blog/2017/04/21/72f5e61ce5e1d737b4a6f5a2b709d4b4.html



 
粤ICP备14056181号  © 2014-2021 ITdaan.com