1

我被 Apigee 的 CORS 支持难住了。我设置了一个新代理,并确保勾选“为您的 API 启用直接浏览器访问 - 允许通过 CORS 来自浏览器的直接请求”。盒子。

似乎 CORS 正在处理正常的 GET 请求,但是未找到飞行前 OPTIONS 请求并返回 404。我找到了这个答案但无法解决我的问题,因为它可能看起来像一个不同的问题?

我想回答的主要问题是如何为所有请求设置 Access-Control-Allow-Origin=*?甚至 OPTIONS 请求?

代理端点

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ProxyEndpoint name="default">
    <Description/>
    <Flows>
        <Flow name="Forecast">
            <Description/>
            <Request/>
            <Response/>
            <Condition>(proxy.pathsuffix MatchesPath &quot;/forecast&quot;) and (request.verb = &quot;GET&quot;)</Condition>
        </Flow>
    </Flows>
    <PreFlow name="PreFlow">
        <Request/>
        <Response/>
    </PreFlow>
    <HTTPProxyConnection>
        <BasePath>/v1/weather</BasePath>
        <VirtualHost>default</VirtualHost>
        <VirtualHost>secure</VirtualHost>
    </HTTPProxyConnection>
    <RouteRule name="default">
        <TargetEndpoint>default</TargetEndpoint>
    </RouteRule>
    <PostFlow name="PostFlow">
        <Request/>
        <Response/>
    </PostFlow>
</ProxyEndpoint>

目标端点

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TargetEndpoint name="default">
    <Description/>
    <Flows>
        <Flow name="OptionsCORS">
            <Description/>
            <Request/>
            <Response>
                <Step>
                    <Name>CrossOriginResourceSharing</Name>
                </Step>
            </Response>
            <Condition>request.verb equals "OPTIONS"</Condition>
        </Flow>
    </Flows>
    <PreFlow name="PreFlow">
        <Request/>
        <Response>
            <Step>
                <Name>CrossOriginResourceSharing</Name>
            </Step>
        </Response>
    </PreFlow>
    <HTTPTargetConnection>
        <URL>https://home.nest.com/api/0.1/weather</URL>
    </HTTPTargetConnection>
    <PostFlow name="PostFlow">
        <Request/>
        <Response/>
    </PostFlow>
</TargetEndpoint>

添加 CORS 文件

<AssignMessage async="false" continueOnError="false" enabled="true" name="CrossOriginResourceSharing">
    <DisplayName>Add CORS</DisplayName>
    <FaultRules/>
    <Properties/>
    <Add>
        <Headers>
            <Header name="Access-Control-Allow-Origin">*</Header>
            <Header name="Access-Control-Allow-Headers">origin, x-requested-with, accept</Header>
            <Header name="Access-Control-Max-Age">3628800</Header>
            <Header name="Access-Control-Allow-Methods">GET, PUT, POST, DELETE, OPTIONS</Header>
        </Headers>
    </Add>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>

以防万一它有帮助-以下是我在执行请求时遇到的错误。我正在使用 Chrome 并有一个 AngularJS 应用程序。我也能够使用 cURL 语句复制该问题( curl -H "Origin: localhost" --verbose http://*********-prod.apigee.net/v1/weather /forecast/12345 -X 选项)

{
    "url": "/api/0.1/weather/forecast/73013",
    "message": "404 Not Found"
}

谢谢!

4

2 回答 2

2

在您的 proxy.xml 中,您再添加一个特定于 OPTIONS 的流程

<Flow name="OPTIONS">
   <Description>This flow is for client side applications</Description>
      <Response>
         <Step>
            <Name>CORSResponse</Name>
         </Step>
      </Response>
   <Condition>(request.verb = &quot;OPTIONS&quot;)</Condition>
   <Request/>
</Flow>

现在 CORSResponse.xml 策略可以如下所示

<AssignMessage name="CORSResponse">
    <AssignTo type="response" createNew="true" />
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>

    <Set>
        <Headers>
            <Header name="Access-Control-Allow-Origin">yourdomain.com</Header>
            <Header name="Access-Control-Allow-Headers">origin, x-requested-with, x-source-ip, Accept, Authorization, User-Agent, Host, Accept-Language, Location, Referer</Header>
            <Header name="Access-Control-Allow-Methods">GET, POST</Header>
        </Headers>
        <StatusCode>200</StatusCode>
    </Set>

</AssignMessage>
于 2014-01-14T04:13:45.990 回答
0

解决方案是添加一个 RouteRule 来阻止请求通过 OPTIONS 请求传递到我的 API。

<RouteRule name="NoRoute">
    <Condition>request.verb == "OPTIONS"</Condition>
</RouteRule>

此外,我添加了一个向响应添加 CORS 支持的流程

<Flow name="OptionsPreFlight">
    <Request/>
        <Response>
            <Step>
                <Name>Add-CORS</Name>
            </Step>
        </Response>
    <Condition>request.verb == "OPTIONS"</Condition>
</Flow>

还有我的最终添加 CORS 政策

<AssignMessage async="false" continueOnError="false" enabled="true" name="Add-CORS">
    <DisplayName>Add CORS</DisplayName>
    <FaultRules/>
    <Properties/>
    <Add>
        <Headers>
            <Header name="Access-Control-Allow-Origin">*</Header>
            <Header name="Access-Control-Allow-Headers">origin, x-requested-with, accept</Header>
            <Header name="Access-Control-Max-Age">3628800</Header>
            <Header name="Access-Control-Allow-Methods">GET, PUT, POST, DELETE</Header>
        </Headers>
    </Add>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>
于 2014-01-18T18:58:26.623 回答