wso2 - WSO2 APIM returns "Invalid CORS request" on PUT requests
Problem description
"Invalid CORS request" is returned only for a PUT request that carries an Origin header. It works for all other verbs, e.g. GET.
CORS is already enabled following the wiki (Enabling CORS for APIs), and at the API level: /usr/lib64/wso2/wso2am/2.6.0/repository/deployment/server/synapse-configs/default/api/admin--Restricted_v1.0.0.xml
PUT API:
curl -v 'https://api.mycompany.com/restricted/1.0.0/A/ba56bf80-9678-11e9-8508-0242ac110003' -XPUT -H 'Accept: application/json, text/plain, */*' -H 'Referer: http://local.mycompany.com:4200/B/' -H 'Origin: http://local.mycompany.com:4200' -H "Authorization: Bearer <WSO2_ACCESS_TOKEN>" -H "MYCOMPANY_AUTH: <CUSTOM_AUTH_TOKEN>" -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36' -H 'Content-Type: text/plain' --data-binary '{"ruleId":"ba56bf80-9678-11e9-8508-0242ac110003","created":"2019-06-24T15:43:53.289Z","context":"TM","version":3,"name":"e2e-testing-rule","author":"System Admin","description":"some description","expression":"a>b","category":"ABC","score":"121","labels":["1","2","3"]}' --compressed
Response: Invalid CORS request
Response headers:
* We are completely uploaded and fine
< HTTP/2 403
< date: Thu, 27 Jun 2019 04:43:34 GMT
< content-type: application/octet-stream
< x-frame-options: DENY
< cache-control: no-cache, no-store, max-age=0, must-revalidate
< access-control-allow-origin: *
< access-control-allow-methods: PUT
< x-content-type-options: nosniff
< vary: Access-Control-Request-Headers
< vary: Access-Control-Request-Method
< vary: Origin
< expires: 0
< pragma: no-cache
< x-xss-protection: 1; mode=block
< access-control-allow-headers: authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction,mycompany_auth,Accept-Encoding,Host,Content-Length,accept,referer,origin,user-agent,content-type
GET API:
curl -v -H "accept: */*" -H "Authorization: Bearer <WSO2_ACCESS_TOKEN>" -H "MYCOMPANY_AUTH: <CUSTOM_AUTH_TOKEN>" -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36' -H 'Content-Type: text/plain' https://api.mycompany.com/restricted/1.0.0/A/ba56bf80-9678-11e9-8508-0242ac110003 | jq .
Response: valid JSON response
Response headers:
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200
< date: Thu, 27 Jun 2019 04:38:50 GMT
< content-type: application/hal+json;charset=UTF-8
< x-frame-options: DENY
< cache-control: no-cache, no-store, max-age=0, must-revalidate
< access-control-allow-origin: *
< access-control-allow-methods: GET
< x-content-type-options: nosniff
< vary: Access-Control-Request-Headers
< vary: Access-Control-Request-Method
< vary: Origin
< expires: 0
< pragma: no-cache
< x-xss-protection: 1; mode=block
< access-control-allow-headers: authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction,mycompany_auth,Accept-Encoding,Host,Content-Length,accept,referer,origin,user-agent,content-type
Since the GET call works, it is unclear what is missing in the PUT call! Any pointers?
Solution