【发布时间】:2023-03-07 09:07:01
【问题描述】:
我已经坚持了 4 天了。我真的需要一些见解。
我在 AWS 上部署了一个无服务器 express 应用程序。我从 S3 为我的前端提供服务,从 lambda 提供后端服务。 API 网关具有代理,如下面的 serverless.yml 所示。
我还使用 Cloudfront 将我的域 (https://my.domain.com.au) 映射到 S3 存储桶原始 URL。
正常的 GET POST PUT DELETE 请求工作正常。但是当我尝试从 Lambda 访问任何其他 AWS 服务时,我会收到以下 CORS 错误。
Access to XMLHttpRequest at 'https://0cn0ej4t5w.execute-api.ap-southeast-2.amazonaws.com/prod/api/auth/reset-password' from origin 'https://my.domain.com.au' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
我的用例是从我尝试使用的应用发送邮件。
ses.sendEmail(params).promise();
这给了我同样的错误。所以我尝试通过 lambda 调用它,同样的错误。现在我正在尝试将邮件内容推送到 S3 并使用触发器从 lambda 发送邮件,但这给了我同样的错误。
问题似乎不在代码上,因为它在本地环境中完美运行。但是,我不想留下任何石头。
由于我的 lambda 在 VPC 中,我使用了互联网网关并尝试设置私有链接。
无服务器.yml
service: my-api
# plugins
plugins:
- serverless-webpack
- serverless-offline
- serverless-dotenv-plugin
# custom for secret inclusions
custom:
stage: ${opt:stage, self:provider.stage}
serverless-offline:
httpPort: 5000
webpack:
webpackConfig: ./webpack.config.js
includeModules: # enable auto-packing of external modules
forceInclude:
- mysql
- mysql2
- passport-jwt
- jsonwebtoken
- moment
- moment-timezone
- lodash
# provider
provider:
name: aws
runtime: nodejs12.x
# you can overwrite defaults here
stage: prod
region: ${env:AWS_REGION_APP}
timeout: 10
iamManagedPolicies:
- 'arn:aws:iam::777777777777777:policy/LambdaSESAccessPolicy'
vpc:
securityGroupIds:
- ${env:AWS_SUBNET_GROUP_ID}
subnetIds:
- ${env:AWS_SUBNET_ID1}
- ${env:AWS_SUBNET_ID2}
- ${env:AWS_SUBNET_ID3}
environment:
/// env variables (hidden)
iamRoleStatements:
- Effect: "Allow"
Action:
- s3:*
- ses:*
- lambda:*
Resource: '*'
# functions
functions:
app:
handler: server.handler
events:
- http:
path: /
method: ANY
- http:
path: /{proxy+}
method: ANY
cors:
origin: ${env:CORS_ORIGIN_URL}
allowCredentials: true
headers: 'Access-Control-Allow-Origin, Access-Control-Allow-Headers, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization'
method: ANY
# you can add CloudFormation resource templates here
resources:
# API Gateway Errors
- ${file(resources/api-gateway-errors.yml)}
# VPC Access for RDS
- ${file(resources/lambda-vpc-access.yml)}
我也配置了响应头:
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", process.env.CORS_ORIGIN_URL);
res.header("Access-Control-Allow-Headers", "Access-Control-Allow-Origin, Access-Control-Allow-Headers, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization");
res.header("Access-Control-Allow-Credentials", "true");
res.header("Access-Control-Allow-Methods", "GET,HEAD,OPTIONS,POST,PUT,DELETE");
next();
});
【问题讨论】:
标签: amazon-s3 aws-lambda cors amazon-cloudfront amazon-ses