Enable CORS with Google IAP

对着背影说爱祢 提交于 2019-12-06 07:53:32

问题


I'm are trying make an ajax call to my web api server from a third party JavaScript integration. However after enabling IAP on my API server, I'm unable to make the calls to my web apis from my integration server. I have added my integration server as Authorized JavaScript origins in the Client ID for Web application.

Below is the error.

Access to XMLHttpRequest at 'https://webapiserver.com/apiendpoint1' from origin 'https://myintegration.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Please let me know if there is other configuration missing at my end. Thanks.


回答1:


CORS requires unauthenticated OPTIONS request. Your API server needs to allow it, to do it, you need:

  1. Add code to your app that responds to the OPTIONS requests.
  2. Change the setting access_settings.cors_settings.allow_http_options to true so that IAP passes OPTIONS requests through to your application.

More information about customizing IAP in the official Google documentation.

This feature was not previously availible, and proposed workaround existed:

In the same GCP project create App Engine services:
- A UI server
- An API server

The UI server makes calls to the API server. To get around the CORS problem, use Routing with a dispatch file: https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed#routing_with_a_dispatch_file

Normally, when the UI server wants to call API server, it calls api-dot-MY_PROJECT.appspot.com 

In this workaround, the UI server calls itself with a specified path ("/api"): MY_PROJECT.appspot.com/api

Since the UI server is calling itself, CORS does not apply.


来源:https://stackoverflow.com/questions/53163761/enable-cors-with-google-iap

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!