我有执行lambda函数的API网关端点。我想使用aws_iam作为授权程序来保护我的api端点。我为此设置了一个具有联合身份的用户池。然而,在将其实现到cloudformation模板中后,我从我的angular应用程序中用一个经过身份验证的用户调用它时遇到了一个cors错误:
Access to XMLHttpRequest at 'api endpoint url' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
这是我的cf模板的代码:
create:
handler: functions/api-create.create
events:
- http:
path: get/create
method: get
authorizer: aws_iam
cors: true
我的lambda函数如下:
export const create = async (event, context) => {
console.log('Create: ', event)
console.log('Context: ', context)
const response = {
statusCode: 200,
headers: {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Credentials': true,
},
body: JSON.stringify({
product: "hallo"
}),
};
return response;
};
没有authorizer: aws_iam,一切都很好,我得到了预期的响应。有人知道我在这里会错过什么吗。
自己发现的。以下是我所做的。
在为GatewayRespons默认错误创建资源后,他们在我的Serverless.yml文件中也有正确的标题和这个模板:
Resources:
GatewayResponseDefault4XX:
Type: 'AWS::ApiGateway::GatewayResponse'
Properties:
ResponseParameters:
gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
ResponseType: DEFAULT_4XX
RestApiId:
Ref: 'ApiGatewayRestApi'
GatewayResponseDefault5XX:
Type: 'AWS::ApiGateway::GatewayResponse'
Properties:
ResponseParameters:
gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
ResponseType: DEFAULT_5XX
RestApiId:
Ref: 'ApiGatewayRestApi'
我收到的错误变为403错误。现在,我为我的api端点启用了云观察日志记录,因为我是用授权用户调用端点的。
我现在看到了错误:
"message": "Credential should be scoped to a valid region, not 'us-east-1'. "
经过一点尝试和错误,我发现我们的,由于我使用放大,我必须在区域中通过放大配置上的api,如下所示:
Amplify.configure({
Auth: {
mandatorySignIn: true,
region: awsExports.cognito.REGION,
userPoolId: awsExports.cognito.USER_POOL_ID,
identityPoolId: awsExports.cognito.IDENTITY_POOL_ID,
userPoolWebClientId: awsExports.cognito.APP_CLIENT_ID,
},
API: {
endpoints: [
{
name: awsExports.api.name,
endpoint: awsExports.api.endpoint,
region: "eu-west-1" // <-- This was missing
}
]
}