You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/11/29 08:01:14 UTC
[GitHub] [apisix] zhikaichen123 opened a new issue #5637: 官方的cors(跨域组件)独立设置并不能有效、通用的使用, 这个是我的改进代码
zhikaichen123 opened a new issue #5637:
URL: https://github.com/apache/apisix/issues/5637
### Issue description
https://github.com/apache/apisix/blob/2a32f13824c0cc8e359feedd23e537422af3b28c/docs/zh/latest/plugins/cors.md
"plugins": {
"cors": {}
}
按照官方说法这样配置就可以有跨域效果,实则不然,这样浏览器调用还会有问题的,还是会有跨域异常。然后我看了其它帖子还要设置 Origin 什么的,这个也太难使用了!
### Environment
- apisix version (cmd: `apisix version`):
- OS (cmd: `uname -a`):
- OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`):
- etcd version, if have (cmd: run `curl http://127.0.0.1:9090/v1/server_info` to get the info from server-info API):
- apisix-dashboard version, if have:
- the plugin runner version, if the issue is about a plugin runner (cmd: depended on the kind of runner):
- luarocks version, if the issue is about installation (cmd: `luarocks --version`):
### Steps to reproduce
这个是我的优化,跨域实际上经历了两次请求,OPTIONS 方法 + 具体的业务 method
在这个类 apisix\cli\ngx_tpl.lua 的 access_by_lua_block 模块加入以下代码:
access_by_lua_block {
-- 添加跨域cors配置
local cors = require('apisix.core.cors')
local core = require("apisix.core")
local get_method = ngx.req.get_method
local method = get_method()
-- core.log.error("method: ",method)
-- local get_headers = ngx.req.get_headers
-- local headers = get_headers()
-- core.log.error("headers: ",core.json.encode(headers))
-- 表示跨域请求
-- 还需要结合 apisix\plugins\cors.lua 配置才可以到达真正跨域效果
if method == "OPTIONS" then
-- 跨域处理
cors.allow_host('*')
cors.allow_method('*')
cors.allow_header('*')
cors.max_age(7200)
cors.allow_credentials(true)
cors.run2()
return core.response.exit(204, "")
end
apisix.http_access_phase()
}
附近我的cors run 2方法
local re_match = ngx.re.match
local _M = { _VERSION = '0.1.0'}
local Origin = 'Origin'
local AccessControlAllowOrigin = 'Access-Control-Allow-Origin'
local AccessControlExposeHeaders = 'Access-Control-Expose-Headers'
local AccessControlMaxAge = 'Access-Control-Max-Age'
local AccessControlAllowCredentials = 'Access-Control-Allow-Credentials'
local AccessControlAllowMethods = 'Access-Control-Allow-Methods'
local AccessControlAllowHeaders = 'Access-Control-Allow-Headers'
local mt = { __index = _M }
local allow_hosts = {}
local allow_headers = {}
local allow_methods = {}
local expose_headers = {}
local max_age = 3600
local allow_credentials = true
function _M.run2()
ngx.header[AccessControlAllowOrigin] = "*"
ngx.header[AccessControlMaxAge] = max_age
ngx.header[AccessControlAllowMethods] = "*"
ngx.header[AccessControlAllowHeaders] = "*"
ngx.header["Cache-Control"] = "no-cache"
if allow_credentials == true then
ngx.header[AccessControlAllowCredentials] = "true"
else
ngx.header[AccessControlAllowCredentials] = "false"
end
end
注意:该配置还是需要结合官方的cors.lua
"plugins": {
"cors": {}
}
### Actual result
最后附上实际运行效果图
![image](https://user-images.githubusercontent.com/29646756/143829522-e0ca6e54-702a-4038-9633-9b70a4ddcfa7.png)
### Error log
over
### Expected result
_No response_
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] tzssangglass commented on issue #5637: request help: the official cors plugin is not effective and universal, here is my improved code
Posted by GitBox <gi...@apache.org>.
tzssangglass commented on issue #5637:
URL: https://github.com/apache/apisix/issues/5637#issuecomment-981510117
first, it's great that you can adapt APISIX's plug-ins to meet your business needs yourself.
> 按照官方说法这样配置就可以有跨域效果,实则不然,这样浏览器调用还会有问题的,还是会有跨域异常
pls describe the problem clearly
> 这个是我的优化
It's best to show your changes in PR or diff, otherwise it's hard for me to know what you've changed.
> 跨域实际上经历了两次请求,OPTIONS 方法 + 具体的业务 method
yes, The OPTIONS method is a preflight request to check if CORS is supported, for more info about CORS, see: https://github.com/apache/apisix/issues/4095#issuecomment-824622092
I think the CORS plugin conforms to the standard specification.
pls describe clearly with a case, I can't get the problem with the cors plugin you are talking about.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] tzssangglass commented on issue #5637: 官方的cors(跨域组件)独立设置并不能有效、通用的使用, 这个是我的改进代码
Posted by GitBox <gi...@apache.org>.
tzssangglass commented on issue #5637:
URL: https://github.com/apache/apisix/issues/5637#issuecomment-981495412
pls use English on open channel.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] tzssangglass removed a comment on issue #5637: request help: the official cors plugin is not effective and universal, here is my improved code
Posted by GitBox <gi...@apache.org>.
tzssangglass removed a comment on issue #5637:
URL: https://github.com/apache/apisix/issues/5637#issuecomment-981505346
first, it's great that you can adapt APISIX's plug-ins to meet your business needs yourself.
> 按照官方说法这样配置就可以有跨域效果,实则不然,这样浏览器调用还会有问题的,还是会有跨域异常
pls describe the problem clearly
> 这个是我的优化
It's best to show your changes in PR or diff, otherwise it's hard for me to know what you've changed.
see
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] tzssangglass commented on issue #5637: request help: the official cors plugin is not effective and universal, here is my improved code
Posted by GitBox <gi...@apache.org>.
tzssangglass commented on issue #5637:
URL: https://github.com/apache/apisix/issues/5637#issuecomment-981505346
first, it's great that you can adapt APISIX's plug-ins to meet your business needs yourself.
> 按照官方说法这样配置就可以有跨域效果,实则不然,这样浏览器调用还会有问题的,还是会有跨域异常
pls describe the problem clearly
> 这个是我的优化
It's best to show your changes in PR or diff, otherwise it's hard for me to know what you've changed.
see
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org