1. 首頁
  2. 問答
  3. Apigee選項404

Apigee選項404

2014-01-14 42 views
1

我被Apigee的CORS支持難住了。我設置了一個新的代理,並確保勾選「爲您的API啓用直接瀏覽器訪問 - 允許通過CORS從瀏覽器發出直接請求。」框。Apigee選項404

看來,CORS正在爲正常的GET請求工作,但是沒有找到飛行前OPTIONS請求並且返回了404。我發現這個answer,但無法解決我的問題,因爲它看起來像一個不同的問題也許?

我想回答的主要問題是如何爲所有請求設置Access-Control-Allow-Origin = *?即使OPTIONS請求?

代理端點

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> 
<ProxyEndpoint name="default"> 
    <Description/> 
    <Flows> 
     <Flow name="Forecast"> 
      <Description/> 
      <Request/> 
      <Response/> 
      <Condition>(proxy.pathsuffix MatchesPath &quot;/forecast&quot;) and (request.verb = &quot;GET&quot;)</Condition> 
     </Flow> 
    </Flows> 
    <PreFlow name="PreFlow"> 
     <Request/> 
     <Response/> 
    </PreFlow> 
    <HTTPProxyConnection> 
     <BasePath>/v1/weather</BasePath> 
     <VirtualHost>default</VirtualHost> 
     <VirtualHost>secure</VirtualHost> 
    </HTTPProxyConnection> 
    <RouteRule name="default"> 
     <TargetEndpoint>default</TargetEndpoint> 
    </RouteRule> 
    <PostFlow name="PostFlow"> 
     <Request/> 
     <Response/> 
    </PostFlow> 
</ProxyEndpoint>

目標端點

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> 
<TargetEndpoint name="default"> 
    <Description/> 
    <Flows> 
     <Flow name="OptionsCORS"> 
      <Description/> 
      <Request/> 
      <Response> 
       <Step> 
        <Name>CrossOriginResourceSharing</Name> 
       </Step> 
      </Response> 
      <Condition>request.verb equals "OPTIONS"</Condition> 
     </Flow> 
    </Flows> 
    <PreFlow name="PreFlow"> 
     <Request/> 
     <Response> 
      <Step> 
       <Name>CrossOriginResourceSharing</Name> 
      </Step> 
     </Response> 
    </PreFlow> 
    <HTTPTargetConnection> 
     <URL>https://home.nest.com/api/0.1/weather</URL> 
    </HTTPTargetConnection> 
    <PostFlow name="PostFlow"> 
     <Request/> 
     <Response/> 
    </PostFlow> 
</TargetEndpoint>

添加CORS文件

<AssignMessage async="false" continueOnError="false" enabled="true" name="CrossOriginResourceSharing"> 
    <DisplayName>Add CORS</DisplayName> 
    <FaultRules/> 
    <Properties/> 
    <Add> 
     <Headers> 
      <Header name="Access-Control-Allow-Origin">*</Header> 
      <Header name="Access-Control-Allow-Headers">origin, x-requested-with, accept</Header> 
      <Header name="Access-Control-Max-Age">3628800</Header> 
      <Header name="Access-Control-Allow-Methods">GET, PUT, POST, DELETE, OPTIONS</Header> 
     </Headers> 
    </Add> 
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables> 
    <AssignTo createNew="false" transport="http" type="response"/> 
</AssignMessage>

萬一它helps-以下是當仁不讓的請求時,我得到的錯誤。我使用的是Chrome,並且有一個AngularJS應用程序。我已經能夠使用cURL語句複製問題 (curl -H「Origin:localhost」--verbose http://*********-prod.apigee.net/v1/天氣預報/ 12345 -X選項)

{ 
    "url": "/api/0.1/weather/forecast/73013", 
    "message": "404 Not Found" 
}

謝謝!

來源

2014-01-14 adam8810

回答

0

解決的辦法是添加防止RouteRule在OPTIONS請求上傳遞給我的API的請求。

<RouteRule name="NoRoute"> 
    <Condition>request.verb == "OPTIONS"</Condition> 
</RouteRule>

另外我補充說,添加CORS支持響應

<Flow name="OptionsPreFlight"> 
    <Request/> 
     <Response> 
      <Step> 
       <Name>Add-CORS</Name> 
      </Step> 
     </Response> 
    <Condition>request.verb == "OPTIONS"</Condition> 
</Flow>

我很欣賞的響應@ santanu,人家一個流量和我的最後一個add-CORS政策

<AssignMessage async="false" continueOnError="false" enabled="true" name="Add-CORS"> 
    <DisplayName>Add CORS</DisplayName> 
    <FaultRules/> 
    <Properties/> 
    <Add> 
     <Headers> 
      <Header name="Access-Control-Allow-Origin">*</Header> 
      <Header name="Access-Control-Allow-Headers">origin, x-requested-with, accept</Header> 
      <Header name="Access-Control-Max-Age">3628800</Header> 
      <Header name="Access-Control-Allow-Methods">GET, PUT, POST, DELETE</Header> 
     </Headers> 
    </Add> 
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables> 
    <AssignTo createNew="false" transport="http" type="response"/> 
</AssignMessage>

來源

2014-01-18 18:58:26 adam8810

+0

有一個關於CORS預檢要求在Apigee一個文檔http://apigee.com/docs/api-services/content/adding -cors支持的API代理 –

2

在你的名爲proxy.xml您添加特定選項之一多個流動

<Flow name="OPTIONS"> 
    <Description>This flow is for client side applications</Description> 
     <Response> 
     <Step> 
      <Name>CORSResponse</Name> 
     </Step> 
     </Response> 
    <Condition>(request.verb = &quot;OPTIONS&quot;)</Condition> 
    <Request/> 
</Flow>

現在CORSResponse.xml策略可以像下面

<AssignMessage name="CORSResponse"> 
    <AssignTo type="response" createNew="true" /> 
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables> 

    <Set> 
     <Headers> 
      <Header name="Access-Control-Allow-Origin">yourdomain.com</Header> 
      <Header name="Access-Control-Allow-Headers">origin, x-requested-with, x-source-ip, Accept, Authorization, User-Agent, Host, Accept-Language, Location, Referer</Header> 
      <Header name="Access-Control-Allow-Methods">GET, POST</Header> 
     </Headers> 
     <StatusCode>200</StatusCode> 
    </Set> 

</AssignMessage>

來源

2014-01-14 04:13:45

+0

。我退後一步,意識到我收到的404是來自我的終端。我的CORS知識在這一點上仍然有限,所以我想知道是否需要阻止OPTIONS請求甚至到達端點,並且僅返回帶有StatusCode 200的Access-Control-Allow-Origin。是什麼_should_是與您發佈的信息發生了什麼? – adam8810

+0

我對CORS pre-flight的理解是,CORS預檢指定了它願意處理的跨域請求。因此,瀏覽器/客戶端不會發送意外/不安全的請求。它就像協議一樣,與服務器端的實際服務邏輯/內容無關。因此,在進入任何其他邏輯之前,最好先處理OPTIONS呼叫。 –

+0

當我插入您的建議代碼時,我收到了405響應:{ 「fault」:{ 「faultstring」:「Received 405 Response without Header」, 「detail」:{ 「errorcode」:「protocol.http 。Response405WithoutAllowHeader「 } } } – adam8810

相關問題

 相關問題