3
我已經使用POST Lambda代理方法和OPTIONS方法爲CORS頭設置了APIGateway資源。用於Lambda代理的AWS APIGateway CORS不適用
的OPTIONS方法返回這些頭:當我打電話了POST端點生成的JavaScript SDK
$ curl -i -X OPTIONS https://xxxxxxxxx.execute-api.eu-central-1.amazonaws.com/dev/endpoint1
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 0
Connection: keep-alive
Date: Sat, 18 Feb 2017 17:07:17 GMT
x-amzn-RequestId: xxxx
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
Access-Control-Allow-Methods: POST,OPTIONS
X-Cache: Miss from cloudfront
Via: 1.1 xxxx.cloudfront.net (CloudFront)
X-Amz-Cf-Id: xxxx==
然而,Chrome瀏覽器控制檯顯示此錯誤:
XMLHttpRequest cannot load https://xxxx.execute-api.eu-central-1.amazonaws.com/dev/endpoint1.
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:8080' is therefore not allowed access.
以及火狐:
Cross-Origin Request Blocked:
The Same Origin Policy disallows reading the remote resource at https://xxxx.execute-api.eu-central-1.amazonaws.com/dev/endpoint1.
(Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
爲什麼m y CORS頭部沒有考慮到?是否需要更改POST方法設置?
你不能指望CORS一起工作「本地主機」,大概是因爲那是假的,你的瀏覽器知道它。使用'HTTP測試您的網站:// lvh.me'或通過'http:// www.127.0.0.1.xip.io'。這些是localhost的別名,但您的瀏覽器不知道。 –