AWS - 如何为 Lambda 函数启用 CORS

Question

我正在尝试为用 Go 编写的 Lambda 函数启用 CORS，下面是我的配置和代码。

这是我的 SAM 配置...

  AuthBindApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      Cors:
        AllowOrigin: "'*'"
        AllowMethods: "'POST,OPTIONS'"
        AllowHeaders: "'X-Amz-Date,X-Api-Key,X-Amz-Security-Token,X-Requested-With,X-Auth-Token,Referer,User-Agent,Origin,Content-Type,Authorization,Accept,Access-Control-Allow-Methods,Access-Control-Allow-Origin,Access-Control-Allow-Headers'"
      Auth:
        DefaultAuthorizer: CognitoAuthorizer
        Authorizers:
          CognitoAuthorizer:
            UserPoolArn: !GetAtt CognitoUserPool.Arn

  AuthBindFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: functions/auth/bind
      Handler: bind
      Runtime: go1.x
      Tracing: Active
      Policies:
        - DynamoDBCrudPolicy:
            TableName: !Ref AuthInfoTable
        - Version: "2012-10-17"
          Statement:
            - Effect: "Allow"
              Action: "cognito-identity:GetOpenIdTokenForDeveloperIdentity"
              Resource: "*"
      Events:
        ApiEvent:
          Type: Api
          Properties:
            Path: /auth/bind
            Method: POST
            RestApiId: !Ref AuthBindApi
            Auth:
              Authorizer: CognitoAuthorizer
        Options:
          Type: Api
          Properties:
            Path: /auth/bind
            Method: OPTIONS
            RestApiId: !Ref AuthBindApi

...这是我的 lambda：

func handler(ctx context.Context, req events.APIGatewayProxyRequest) (events.APIGatewayProxyResponse, error) {
    ...

    return events.APIGatewayProxyResponse{
        Headers: map[string]string{
            "Access-Control-Allow-Origin":  "*",
            "Access-Control-Allow-Methods": "POST,OPTIONS",
            "Access-Control-Allow-Headers": "X-Amz-Date,X-Api-Key,X-Amz-Security-Token,X-Requested-With,X-Auth-Token,Referer,User-Agent,Origin,Content-Type,Authorization,Accept,Access-Control-Allow-Methods,Access-Control-Allow-Origin,Access-Control-Allow-Headers",
        },
        StatusCode: http.StatusOK,
    }, nil
}

我还尝试指定所有可能的 HTTP 方法...但我总是收到以下错误消息：

Access to XMLHttpRequest at 'https://lc5zxsnfg5.execute-api.eu-west-1.amazonaws.com/Prod/bind' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

我已经苦苦挣扎了 2 天，任何提示将不胜感激。

Answer 1

这是工作配置：

  AuthBindApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      Cors:
        AllowOrigin: "'*'"
        AllowMethods: "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'"
        AllowHeaders: "'X-Amz-Date,X-Api-Key,X-Amz-Security-Token,X-Requested-With,X-Auth-Token,Referer,User-Agent,Origin,Content-Type,Authorization,Accept,Access-Control-Allow-Methods,Access-Control-Allow-Origin,Access-Control-Allow-Headers'"
      Auth:
        DefaultAuthorizer: CognitoAuthorizer
        Authorizers:
          CognitoAuthorizer:
            UserPoolArn: !GetAtt CognitoUserPool.Arn

  AuthBindFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: functions/auth/bind
      Handler: bind
      Runtime: go1.x
      Tracing: Active
      Policies:
        - DynamoDBCrudPolicy:
            TableName: !Ref AuthInfoTable
        - Version: "2012-10-17"
          Statement:
            - Effect: "Allow"
              Action: "cognito-identity:GetOpenIdTokenForDeveloperIdentity"
              Resource: "*"
      Events:
        ApiEvent:
          Type: Api
          Properties:
            Path: /auth/bind
            Method: POST
            RestApiId: !Ref AuthBindApi
            Auth:
              Authorizer: CognitoAuthorizer

不要问我为什么...但是将所有 http 方法放在 AllowMethods 中就可以了：

AllowMethods: "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'"