Apigee OPTIONS 404(Apigee OPTIONS 404)

2019-10-19 05:24发布

站内文章 / 前端开发
86 0 0

我已经被Apigee的CORS支持难倒。 我建立一个新的代理,并确保向勾选“启用你的API直接浏览器访问 - 通过从CORS浏览器允许直接请求” 框。

看来,CORS正在为正常的GET请求,但是预飞OPTIONS请求不被发现,并返回一个404,我发现这个答案 ,但没能因为它似乎是一个不同的问题,也许是为了解决我的问题呢?

我想回答的主要问题是我怎么设置访问控制允许来源= *所有请求? 即使OPTIONS请求?

代理端点

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ProxyEndpoint name="default">
    <Description/>
    <Flows>
        <Flow name="Forecast">
            <Description/>
            <Request/>
            <Response/>
            <Condition>(proxy.pathsuffix MatchesPath &quot;/forecast&quot;) and (request.verb = &quot;GET&quot;)</Condition>
        </Flow>
    </Flows>
    <PreFlow name="PreFlow">
        <Request/>
        <Response/>
    </PreFlow>
    <HTTPProxyConnection>
        <BasePath>/v1/weather</BasePath>
        <VirtualHost>default</VirtualHost>
        <VirtualHost>secure</VirtualHost>
    </HTTPProxyConnection>
    <RouteRule name="default">
        <TargetEndpoint>default</TargetEndpoint>
    </RouteRule>
    <PostFlow name="PostFlow">
        <Request/>
        <Response/>
    </PostFlow>
</ProxyEndpoint>

目标端点

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TargetEndpoint name="default">
    <Description/>
    <Flows>
        <Flow name="OptionsCORS">
            <Description/>
            <Request/>
            <Response>
                <Step>
                    <Name>CrossOriginResourceSharing</Name>
                </Step>
            </Response>
            <Condition>request.verb equals "OPTIONS"</Condition>
        </Flow>
    </Flows>
    <PreFlow name="PreFlow">
        <Request/>
        <Response>
            <Step>
                <Name>CrossOriginResourceSharing</Name>
            </Step>
        </Response>
    </PreFlow>
    <HTTPTargetConnection>
        <URL>https://home.nest.com/api/0.1/weather</URL>
    </HTTPTargetConnection>
    <PostFlow name="PostFlow">
        <Request/>
        <Response/>
    </PostFlow>
</TargetEndpoint>

加入CORS文件

<AssignMessage async="false" continueOnError="false" enabled="true" name="CrossOriginResourceSharing">
    <DisplayName>Add CORS</DisplayName>
    <FaultRules/>
    <Properties/>
    <Add>
        <Headers>
            <Header name="Access-Control-Allow-Origin">*</Header>
            <Header name="Access-Control-Allow-Headers">origin, x-requested-with, accept</Header>
            <Header name="Access-Control-Max-Age">3628800</Header>
            <Header name="Access-Control-Allow-Methods">GET, PUT, POST, DELETE, OPTIONS</Header>
        </Headers>
    </Add>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>

万一它helps-以下是当仁不让的请求时,我得到的错误。 我使用的是Chrome和有一个AngularJS应用。 我已经能够复制使用卷曲声明的问题,也是(卷曲-H“来源:本地主机” --verbose HTTP://*********-prod.apigee.net/v1/weather /预测/ 12345 -X OPTIONS) 

{
    "url": "/api/0.1/weather/forecast/73013",
    "message": "404 Not Found"
}

谢谢!

Answer 1:

在你的名为proxy.xml你添加一个特定流期权

<Flow name="OPTIONS">
   <Description>This flow is for client side applications</Description>
      <Response>
         <Step>
            <Name>CORSResponse</Name>
         </Step>
      </Response>
   <Condition>(request.verb = &quot;OPTIONS&quot;)</Condition>
   <Request/>
</Flow>

现在CORSResponse.xml策略可以像下面

<AssignMessage name="CORSResponse">
    <AssignTo type="response" createNew="true" />
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>

    <Set>
        <Headers>
            <Header name="Access-Control-Allow-Origin">yourdomain.com</Header>
            <Header name="Access-Control-Allow-Headers">origin, x-requested-with, x-source-ip, Accept, Authorization, User-Agent, Host, Accept-Language, Location, Referer</Header>
            <Header name="Access-Control-Allow-Methods">GET, POST</Header>
        </Headers>
        <StatusCode>200</StatusCode>
    </Set>

</AssignMessage>


Answer 2:

解决的办法是添加穿过我的API在OPTIONS请求阻止请求RouteRule。 

<RouteRule name="NoRoute">
    <Condition>request.verb == "OPTIONS"</Condition>
</RouteRule>

另外我添加了添加CORS支撑于所述响应的流

<Flow name="OptionsPreFlight">
    <Request/>
        <Response>
            <Step>
                <Name>Add-CORS</Name>
            </Step>
        </Response>
    <Condition>request.verb == "OPTIONS"</Condition>
</Flow>

而我的最后一个add-CORS政策

<AssignMessage async="false" continueOnError="false" enabled="true" name="Add-CORS">
    <DisplayName>Add CORS</DisplayName>
    <FaultRules/>
    <Properties/>
    <Add>
        <Headers>
            <Header name="Access-Control-Allow-Origin">*</Header>
            <Header name="Access-Control-Allow-Headers">origin, x-requested-with, accept</Header>
            <Header name="Access-Control-Max-Age">3628800</Header>
            <Header name="Access-Control-Allow-Methods">GET, PUT, POST, DELETE</Header>
        </Headers>
    </Add>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>


文章来源: Apigee OPTIONS 404
标签: cross-domain cors apigee
举报

收藏的人(0)

Ta的文章 更多文章
登录 后发表评论
0条评论
还没有人评论过~