AWS Lambda 函数的跨源资源共享（CORS）配置指南

今天golang学习网给大家带来了《AWS Lambda 函数的跨源资源共享（CORS）配置指南》，其中涉及到的知识点包括等等，无论你是小白还是老手，都适合看一看哦~有好的建议也欢迎大家在评论留言，若是看完有所收获，也希望大家能多多点赞支持呀！一起加油学习~

我正在尝试为用 go 编写的 lambda 函数启用 cors，下面是我的配置和代码。

这是我的 sam 配置...

authbindapi:
    type: aws::serverless::api
    properties:
      stagename: prod
      cors:
        alloworigin: "'*'"
        allowmethods: "'post,options'"
        allowheaders: "'x-amz-date,x-api-key,x-amz-security-token,x-requested-with,x-auth-token,referer,user-agent,origin,content-type,authorization,accept,access-control-allow-methods,access-control-allow-origin,access-control-allow-headers'"
      auth:
        defaultauthorizer: cognitoauthorizer
        authorizers:
          cognitoauthorizer:
            userpoolarn: !getatt cognitouserpool.arn

  authbindfunction:
    type: aws::serverless::function
    properties:
      codeuri: functions/auth/bind
      handler: bind
      runtime: go1.x
      tracing: active
      policies:
        - dynamodbcrudpolicy:
            tablename: !ref authinfotable
        - version: "2012-10-17"
          statement:
            - effect: "allow"
              action: "cognito-identity:getopenidtokenfordeveloperidentity"
              resource: "*"
      events:
        apievent:
          type: api
          properties:
            path: /auth/bind
            method: post
            restapiid: !ref authbindapi
            auth:
              authorizer: cognitoauthorizer
        options:
          type: api
          properties:
            path: /auth/bind
            method: options
            restapiid: !ref authbindapi

...这是我的 lambda：

func handler(ctx context.context, req events.apigatewayproxyrequest) (events.apigatewayproxyresponse, error) {
    ...

    return events.apigatewayproxyresponse{
        headers: map[string]string{
            "access-control-allow-origin":  "*",
            "access-control-allow-methods": "post,options",
            "access-control-allow-headers": "x-amz-date,x-api-key,x-amz-security-token,x-requested-with,x-auth-token,referer,user-agent,origin,content-type,authorization,accept,access-control-allow-methods,access-control-allow-origin,access-control-allow-headers",
        },
        statuscode: http.statusok,
    }, nil
}

我还尝试指定所有可能的 http 方法...但我总是收到以下错误消息：

Access to XMLHttpRequest at 'https://lc5zxsnfg5.execute-api.eu-west-1.amazonaws.com/Prod/bind' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

我已经奋斗了 2 天了，如果有任何提示，我们将不胜感激。

解决方案

这是工作配置：

AuthBindApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      Cors:
        AllowOrigin: "'*'"
        AllowMethods: "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'"
        AllowHeaders: "'X-Amz-Date,X-Api-Key,X-Amz-Security-Token,X-Requested-With,X-Auth-Token,Referer,User-Agent,Origin,Content-Type,Authorization,Accept,Access-Control-Allow-Methods,Access-Control-Allow-Origin,Access-Control-Allow-Headers'"
      Auth:
        DefaultAuthorizer: CognitoAuthorizer
        Authorizers:
          CognitoAuthorizer:
            UserPoolArn: !GetAtt CognitoUserPool.Arn

  AuthBindFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: functions/auth/bind
      Handler: bind
      Runtime: go1.x
      Tracing: Active
      Policies:
        - DynamoDBCrudPolicy:
            TableName: !Ref AuthInfoTable
        - Version: "2012-10-17"
          Statement:
            - Effect: "Allow"
              Action: "cognito-identity:GetOpenIdTokenForDeveloperIdentity"
              Resource: "*"
      Events:
        ApiEvent:
          Type: Api
          Properties:
            Path: /auth/bind
            Method: POST
            RestApiId: !Ref AuthBindApi
            Auth:
              Authorizer: CognitoAuthorizer

不要问我为什么...但是将所有 http 方法放入 allowmethods 就可以了：

allowmethods：“'delete、get、head、options、patch、post、put'”

到这里，我们也就讲完了《AWS Lambda 函数的跨源资源共享（CORS）配置指南》的内容了。个人认为，基础知识的学习和巩固，是为了更好的将其运用到项目中，欢迎关注golang学习网公众号，带你了解更多关于的知识点！