Problem description
I'm having a CORS-related issue with Google Cloud Run on a service that
requires authentication.
If I try to execute a curl command through the CLI, with a Bearer token,
everything works fine.
Unfortunately, if I try to execute the same call through ajax in JavaScript,
I receive a 403.
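```javascript
const http = new XMLHttpRequest();
const url = 'https://my-app.run.app';
http.open("GET", url);
http.withCredentials = true;
// id_token is obtained elsewhere (not shown). Setting a custom Authorization
// header makes the browser send an OPTIONS preflight before this GET.
http.setRequestHeader("authorization", 'Bearer ' + id_token);
http.send();
http.onreadystatechange = (e) => {
  console.log(http.responseText)
}
```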
The error in the Cloud Run logs is this:
The request was not authenticated. Either allow unauthenticated invocations or set the proper Authorization header. Read more at https://cloud.google.com/run/docs/securing/authenticating
The container is never hit.
The issue I'm seeing is that, as I'm making the call using ajax in a web
browser, the web browser is making a preflight request (OPTIONS on the
URL) without sending the Authorization header (which is expected
behavior).
The problem seems to be that Cloud Run tries to authenticate the OPTIONS
request and never makes it to my container, which, as far as I understand,
shouldn't be done
(https://www.w3.org/TR/cors/#cross-origin-request-with-preflight-0).
Is that a known issue with Cloud Run?
How could I make an ajax request to an authenticated Cloud Run service?
Recommended answer
(Cloud Run PM)
This is a known issue. There are a few options:
- Allow unauthenticated requests and do CORS/auth yourself
- There is a variation of this that uses Cloud Endpoints running on Cloud Run in front of your compute. Have Endpoints do your end-user auth, then forward the request to your backend.
We've considered implementing Istio CORSPolicy, which would return CORS headers before the auth check, though we're not committed to this as of now.
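A sketch of the first option above ("allow unauthenticated requests and do CORS/auth yourself"), added here as an example and not taken from the original answer or from Cloud Run itself. It answers the preflight before any auth check and requires a Bearer token on every other request; `ALLOWED_ORIGINS`, `handle` and the `verifyIdToken` hook are assumed names, and the origin value is constructed.

```javascript
// Added example: request policy for a service deployed with unauthenticated
// invocations allowed, so the container itself must enforce authentication.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']); // constructed value

function corsHeaders(origin) {
  // Credentialed requests (withCredentials = true) need an explicit origin, never "*".
  if (!ALLOWED_ORIGINS.has(origin)) return {};
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// req: { method, headers } with lower-cased header names, as Node's http module gives them.
// verifyIdToken: hypothetical async hook that returns the token's claims or throws;
// it is expected to check signature, issuer, audience and expiry.
async function handle(req, verifyIdToken) {
  const cors = corsHeaders(req.headers.origin);

  // A preflight carries no Authorization header, so answer it before any auth check.
  if (req.method === 'OPTIONS' && req.headers['access-control-request-method']) {
    if (!cors['Access-Control-Allow-Origin']) return { status: 403, headers: {} };
    return {
      status: 204,
      headers: {
        ...cors,
        'Access-Control-Allow-Methods': 'GET',
        'Access-Control-Allow-Headers': 'authorization',
        'Access-Control-Max-Age': '600',
      },
    };
  }

  // Every other request must present a valid Bearer token: the platform no longer checks.
  const match = /^Bearer\s+(\S+)$/i.exec(req.headers.authorization || '');
  if (!match) return { status: 401, headers: { ...cors, 'WWW-Authenticate': 'Bearer' } };
  try {
    const claims = await verifyIdToken(match[1]);
    return { status: 200, headers: cors, claims };
  } catch {
    return { status: 401, headers: { ...cors, 'WWW-Authenticate': 'Bearer' } };
  }
}
```

The 401 responses still carry the CORS headers so that the calling page can read the failure instead of seeing an opaque network error.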