Lambda函数的URL报CORS错误,应该如何设置

0

【以下的问题经过翻译处理】 在使用Lambda函数URL代替API网关进行测试时,浏览器一直报CORS错误。 在API网关上启用CORS,浏览器报错消失了。

$ curl -v https://lo1mb5fn4f.execute-api.ap-southeast-2.amazonaws.com/prod/default -X OPTIONS
*   Trying 52.62.9.26:443...
* Connected to lo1mb5fn4f.execute-api.ap-southeast-2.amazonaws.com (52.62.9.26) port 443 (#0)
* schannel: disabled automatic use of client certificate
* schannel: ALPN, offering http/1.1
* schannel: ALPN, server accepted to use http/1.1
> OPTIONS /prod/default HTTP/1.1
> Host: lo1mb5fn4f.execute-api.ap-southeast-2.amazonaws.com
> User-Agent: curl/7.79.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Wed, 27 Apr 2022 09:18:52 GMT
< Content-Type: application/json
< Content-Length: 0
< Connection: keep-alive
< x-amzn-RequestId: 2b81917b-42e6-47ac-88dd-4211fb0b93ad
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Headers: Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
< x-amz-apigw-id: RO6ThFTYSwMFdqg=
< Access-Control-Allow-Methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
<
* Connection #0 to host lo1mb5fn4f.execute-api.ap-southeast-2.amazonaws.com left intact

然后在控制台中启用了CORS并对Lambda函数URL执行了相同的查询,但是没有返回CORS标头。

$ curl -v https://b3cdmthu62o6bqzcrb7efnw7be0ktquf.lambda-url.ap-southeast-2.on.aws/ -X OPTIONS
*   Trying 54.66.8.158:443...
* Connected to b3cdmthu62o6bqzcrb7efnw7be0ktquf.lambda-url.ap-southeast-2.on.aws (54.66.8.158) port 443 (#0)
* schannel: disabled automatic use of client certificate
* schannel: ALPN, offering http/1.1
* schannel: ALPN, server accepted to use http/1.1
> OPTIONS / HTTP/1.1
> Host: b3cdmthu62o6bqzcrb7efnw7be0ktquf.lambda-url.ap-southeast-2.on.aws
> User-Agent: curl/7.79.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Wed, 27 Apr 2022 09:20:18 GMT
< Content-Type: application/json
< Content-Length: 20
< Connection: keep-alive
< x-amzn-RequestId: 13433ad6-7504-4054-abf5-ca53f9b39b3f
< X-Amzn-Trace-Id: root=1-62690ad2-0796999b639d9a5507c42dfb;sampled=0
<
"Hello from Lambda!"* Connection #0 to host b3cdmthu62o6bqzcrb7efnw7be0ktquf.lambda-url.ap-southeast-2.on.aws left intact

这似乎是Lambda读取CORS数据的一个错误,是否有一种方法可以将其升级到AWS并报告这是一个错误?

profile picture
ESPERTO
posta 2 anni fa57 visualizzazioni
1 Risposta
0

【以下的回答经过翻译处理】 当你使用OPTIONS发送Preflight Request时,你需要包括你来自的Origin和要检查允许的Request Method。你可以通过包括OriginAccess-Control-Request-Method头来实现。

尝试使用以下curl命令,询问Lambda Function URL是否可以使用HTTP请求方法DELETEhttp://example.com进行跨源请求:

curl --location --request OPTIONS '<YOUR FURL HERE>' \
--header 'Origin: http://example.com' \
--header 'Access-Control-Request-Method: DELETE'
-v

这与你指定的相同的CORS配置在我的测试Function URL中的响应是:

> OPTIONS / HTTP/1.1
> Host: <My FURL>
> User-Agent: curl/7.64.1
> Accept: */*
> Origin: http://example.com
> Access-Control-Request-Method: DELETE
>
< HTTP/1.1 200 OK
< Date: Wed, 27 Apr 2022 14:50:31 GMT
< Content-Type: application/json
< Content-Length: 0
< Connection: keep-alive
< x-amzn-RequestId: fd7d31ab-604a-4cd0-9bae-ad9d83a74450
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Headers: content-type,authorization,x-amz-date,x-api-key,x-amz-security-token
< Access-Control-Allow-Methods: GET,HEAD,POST,PUT,DELETE,PATCH
profile picture
ESPERTO
con risposta 2 anni fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande