发布请求的 Elastic Beanstalk CORS 配置

Question

我从本地主机提交发布请求时收到以下错误 -

XMLHttpRequest cannot load http://sample-env.elasticbeanstalk.com/resource 
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. 
Origin 'http://localhost:8080' is therefore not allowed access

但是，在我的 S3 实例的 CORS 配置编辑器中，我有以下内容 -

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedOrigin>http://*</AllowedOrigin>
    <AllowedOrigin>https://*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>POST</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <AllowedHeader>*</AllowedHeader>
</CORSRule>

我已经尝试过这三行，但我仍然无法诊断问题。

    <AllowedOrigin>*</AllowedOrigin>
    <AllowedOrigin>http://*</AllowedOrigin>
    <AllowedOrigin>https://*</AllowedOrigin>

我的开发者控制台显示以下标题，这让我觉得这个 CORS 配置甚至没有被读取 -

HTTP/1.1 200 OK
Date: Fri, 21 Apr 2017 02:48:01 GMT
Server: Apache-Coyote/1.1
Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS
Content-Length: 0
Keep-Alive: timeout=60, max=98
Connection: Keep-Alive
Content-Type: text/plain

是否有人发现我的配置有问题，或者是否有其他必须添加的内容？我能够将 CORS 过滤器添加到我的 tomcat 的 web.xml 并且一切正常，所以我认为我的弹性豆茎配置不正确。

编辑

添加了以下 .config 文件（以前为 .yaml）

add_cors.config.config

files:
"/etc/httpd/conf.d/cors.conf" :
    mode: "000644"
    owner: root
    group: root
    content: |
        <Location "/">
            Header set Access-Control-Allow-Origin: *
            Header set Access-Control-Allow-Methods: "POST, GET, PUT, DELETE, OPTIONS"
            Header add Access-Control-Allow-Headers: "Authorization, Content-Type, Accept"
            Header set Access-Control-Allow-Credentials: true

            SetOutputFilter DEFLATE
        </Location>

而且是在爆炸战争中的这个位置——

.
├── app.war
├── .ebextensions
│   ├── add_cors.config.yaml
├── META-INF
│   ├── …
└── WEB-INF
    ├── classes
    │   └── …
    ├── servlet.xml
    ├── lib
    │   ├── …
    └── web.xml

我重新部署了战争，但我仍然遇到同样的错误 - “不存在'Access-Control-Allow-Origin'标头”

解决方案

不需要 .ebextensions 文件。我只需要像在我的 tomcat 的 conf/web.xml 中那样将 CORS 过滤器添加到 web.xml 中

  <!-- ================== CORS FILTERS ===================== -->
  <filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
      <param-name>cors.allowed.origins</param-name>
      <param-value>*</param-value>
    </init-param>
    <init-param>
      <param-name>cors.allowed.methods</param-name>
      <param-value>GET,POST,HEAD,OPTIONS</param-value>
    </init-param>
    <init-param>
      <param-name>cors.allowed.headers</param-name>
      <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
    </init-param>
    <init-param>
      <param-name>cors.exposed.headers</param-name>
      <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
    </init-param>
    <init-param>
      <param-name>cors.support.credentials</param-name>
      <param-value>true</param-value>
    </init-param>
    <init-param>
      <param-name>cors.preflight.maxage</param-name>
      <param-value>10</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

Answer 1

我对 AWS EB 了解不多，但假设在 tomcat 前面有一个 apache 反向代理，看起来您可以使用 ebextensions 并在那里添加 CORS 标头信息。看到这个：

https://forums.aws.amazon.com/message.jspa?messageID=570570

和

http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-containers.html