从另一个域调用应用程序引擎(jetty @WebServlet)会出错。在日志中,我看到“预检”成功结果,但未到达 servlet 代码(第一行的打印输出未出现在日志中)。从浏览器进行调用是可行的。不涉及授权。在 app.yaml 中尝试 CORS,没有成功。不是自定义域
对代码的角度调用:
public getNewCatalogObject(id: string): Observable<any> {
//const cataloginfoshttp = environment.apiURL + '/' + CatalogInfo + '?catalogname=' + id;
const cataloginfoshttp = environment.apiURL+ '/' + CatalogInfo;
const params = new HttpParams().set('catalogname',id);
const headerdata = new HttpHeaders()
.set('Access-Control-Allow-Origin', '*')
.set('Access-Control-Allow-Methods','GET')
.set('Access-Control-Allow-Headers','Content-Type');
alert("OntologycatalogService without params: " + cataloginfoshttp);
alert("OntologycatalogService params: " + params.toString());
return this.httpClient.get(cataloginfoshttp,{ 'params': params, 'headers': headerdata })
Webservlet 代码:
@WebServlet(name = "CatalogInformationServlet", urlPatterns = { "/cataloginfo" })
public class CatalogInformationServlet extends HttpServlet {
private static final Logger logger = Logger.getLogger(CatalogInformationServlet.class.getName());
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
logger.info("CatalogInformationServlet");
来自谷歌应用程序的预检日志
{
"protoPayload": {
"@type": "type.googleapis.com/google.appengine.logging.v1.RequestLog",
"appId": "e~blurock-database",
"versionId": "2",
"requestId": "660fa92c00ff0ba0838e379e6f0001657e626c75726f636b2d6461746162617365000132000100",
"ip": "212.247.157.170",
"startTime": "2024-04-05T07:33:00.777537Z",
"endTime": "2024-04-05T07:33:00.786930Z",
"latency": "0.009393s",
"megaCycles": "188",
"method": "OPTIONS",
"resource": "/cataloginfo?catalogname=dataset:ThermodynamicContributions",
"httpVersion": "HTTP/1.1",
"status": 200,
"responseSize": "152",
"referrer": "http://localhost:4200/",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0",
"urlMapEntry": "auto",
"host": "blurock-database.ew.r.appspot.com",
"instanceIndex": -1,
"finished": true,
"instanceId": "00a22404dc913688c9e38d2629cbacea000cd13536d1f9f80d60c2b1277a5df1d41f6afb14979e602dd05cb917c3b4e549604721c4b8ed59aefae040a2b7f9e71d67",
"appEngineRelease": "1.9.71",
"traceId": "c2a4b7970a7899c6b6b8ddc84334ef73",
"first": true,
"spanId": "10870129278550620427"
},
"insertId": "660fa92c000c0273cf4bdb2d",
"httpRequest": {
"status": 200
},
"resource": {
"type": "gae_app",
"labels": {
"zone": "eu6",
"version_id": "2",
"module_id": "default",
"project_id": "blurock-database"
}
},
"timestamp": "2024-04-05T07:33:00.777537Z",
"labels": {
"clone_id": "00a22404dc913688c9e38d2629cbacea000cd13536d1f9f80d60c2b1277a5df1d41f6afb14979e602dd05cb917c3b4e549604721c4b8ed59aefae040a2b7f9e71d67"
},
"logName": "projects/blurock-database/logs/appengine.googleapis.com%2Frequest_log",
"operation": {
"id": "660fa92c00ff0ba0838e379e6f0001657e626c75726f636b2d6461746162617365000132000100",
"producer": "appengine.googleapis.com/request_id",
"first": true,
"last": true
},
"trace": "projects/blurock-database/traces/c2a4b7970a7899c6b6b8ddc84334ef73",
"receiveTimestamp": "2024-04-05T07:33:00.903523715Z",
"spanId": "10870129278550620427"
}
尝试将 CORS 添加到 app.yaml 处理程序失败:
- url: /cataloginfo
login: optional
secure: optional
static_dir: /__static__
http_headers:
Access-Control-Allow-Origin: "*"
Access-Control-Allow-Methods: "GET, POST, PUT, DELETE, OPTIONS"
Access-Control-Allow-Headers: "Content-Type, Authorization"
Access-Control-Max-Age: "3600"
你的假设是正确的。 IAP 默认禁用 CORS。启用相同的功能将解决该问题。 本文档中已经讨论过:
每个 App Engine 服务都有不同的子域,这会使服务之间的 JavaScript 请求发生跨源请求。当浏览器检测到 CORS 请求时,它首先向端点发送 OPTIONS(预检)请求,然后再发送实际请求,只有当预检请求的响应包含 access-control-allow-origin 标头时,才会发送实际请求包含原始域或通配符 * 的值。有关 CORS 的更多信息可以在此处找到。 IAP 默认禁用 CORS。启用相同功能将解决该问题。
您可以按照
此公共文档在 IAP 上启用
HTTP OPTIONS
(CORS 预检)请求。