Ajax request to cloud run service that requires authentication

只谈情不闲聊 submitted on 2019-12-04 01:38:55

Question


I'm having a CORS-related issue with Google Cloud Run on a service that
requires authentication.

If I try to execute a curl command through the CLI, with a Bearer token,
everything works fine. Unfortunately, if I try to execute the same call
through Ajax in JavaScript, I receive a 403.

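  // id_token is the identity token obtained elsewhere (not shown in the question)
  const http = new XMLHttpRequest();
  const url = 'https://my-app.run.app';

  http.open("GET", url);
  http.withCredentials = true;
  // The Authorization header makes this a preflighted cross-origin request
  http.setRequestHeader("authorization", 'Bearer ' + id_token);
  http.onreadystatechange = (e) => {
    console.log(http.responseText);
  };
  http.send();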

The error in the Cloud Run logs is this:

The request was not authenticated. Either allow unauthenticated invocations or set the proper Authorization header. Read more at https://cloud.google.com/run/docs/securing/authenticating

The container is never hit.

The issue I'm seeing is that, as I'm making the call using Ajax in a web
browser, the browser makes a preflight request (OPTIONS on the URL)
without sending the Authorization header (which is expected behavior).

The problem seems to be that Cloud Run tries to authenticate the OPTIONS
request and never makes it to my container, which, as far as I understand,
shouldn't be done
(https://www.w3.org/TR/cors/#cross-origin-request-with-preflight-0).

Is that a known issue with Cloud Run?

How could I make an Ajax request to an authenticated Cloud Run service?


Answer 1:


(Cloud Run PM)

This is a known issue. There are a few options:

  1. Allow unauthenticated requests and do CORS/auth yourself
    1. There is a variation of this that uses Cloud Endpoints running on Cloud Run in front of your compute. Have Endpoints do your end-user auth, then forward the request to your backend.
  2. Serve from the same domain (e.g. use the Firebase Hosting proxy)

We've considered implementing Istio CORSPolicy, which would return CORS headers before the auth check, though we're not committed to this as of now.
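
Option 1 above, sketched as an added example that is not part of the original answer or of any Google code: the container answers the unauthenticated OPTIONS preflight itself and enforces the Bearer token on every other request. `ALLOWED_ORIGINS`, `corsHeaders`, `handle` and the caller-supplied `verifyIdToken` are assumed names, the origin value is constructed, and the service is assumed to be deployed with unauthenticated invocations allowed.

```javascript
// Assumption: the only browser origin allowed to call this service (constructed value).
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);

function corsHeaders(origin) {
  // Echo only allowlisted origins. A '*' wildcard is rejected by browsers
  // when withCredentials is true, as it is in the question's XHR.
  if (!ALLOWED_ORIGINS.has(origin)) return { Vary: 'Origin' };
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    Vary: 'Origin',
  };
}

// Pure decision function: returns { status, headers, body } for a request.
// verifyIdToken(token) is a hypothetical caller-supplied check (signature,
// audience, expiry) that returns the claims or throws. It is synchronous
// here for brevity; real verifiers are usually asynchronous.
function handle(req, verifyIdToken) {
  const h = req.headers; // Node lower-cases incoming header names
  const headers = corsHeaders(h.origin);

  // Preflight: the browser never attaches Authorization here, so answer it
  // without authentication and only describe what the real request may send.
  if (req.method === 'OPTIONS' && h['access-control-request-method']) {
    if (!headers['Access-Control-Allow-Origin']) return { status: 403, headers, body: '' };
    return { status: 204, body: '', headers: { ...headers,
      'Access-Control-Allow-Methods': 'GET',
      'Access-Control-Allow-Headers': 'authorization',
      'Access-Control-Max-Age': '600' } };
  }

  // Every other request must carry a valid Bearer token.
  const m = /^Bearer (\S+)$/i.exec(h.authorization || '');
  if (!m) return { status: 401, headers, body: 'missing bearer token' };
  try {
    const claims = verifyIdToken(m[1]);
    return { status: 200, headers, body: 'hello ' + claims.email };
  } catch (err) {
    return { status: 401, headers, body: 'invalid token' };
  }
}

// Wiring into Node's http server (not started here):
// http.createServer((req, res) => { const r = handle(req, verify);
//   res.writeHead(r.status, r.headers); res.end(r.body); }).listen(process.env.PORT);
```

Because the platform no longer checks the token in this setup, the token check inside `verifyIdToken` is the only authentication the service has.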



Source: https://stackoverflow.com/questions/55872735/ajax-request-to-cloud-run-service-that-requires-authentication
