問題描述

我遇到了與谷歌云有關的 CORS 相關問題，該服務運行在
需要身份驗證.

I'm having a CORS related issue with google cloud run on a service that
requires authentication.

如果我嘗試通過 cli 使用 Bearer 令牌執行 curl 命令，
一切正常.不幸的是，如果我嘗試在 javascript 中通過 ajax 執行相同的調用，
我收到了 403.

If I try to execute a curl command through the cli, with a Bearer token,
everything works fine. Unfortunately if I try to execute the same call through ajax in javascript,
I receive a 403.

  const http = new XMLHttpRequest();
  const url = 'https://my-app.run.app';

  http.open("GET", url);
  http.withCredentials = true;
  http.setRequestHeader("authorization", 'Bearer ' + id_token);
  http.send();
  http.onreadystatechange = (e) => {
    console.log(http.responseText)
  }

云運行日志中的錯誤是這樣的:

The error in the cloud run logs is this :

The request was not authenticated. Either allow unauthenticated invocations or set the proper Authorization header. Read more at https://cloud.google.com/run/docs/securing/authenticating

容器永遠不會被擊中.

我看到的問題是，當我在網絡中使用 ajax 進行調用時
瀏覽器.網絡瀏覽器正在發出飛行前請求(
url )而不發送授權標頭(這是預期的
行為)

The issue I'm seeing is that, as I'm making the call using ajax, in a web
browser. The web browser is making a pre flight request ( OPTIONS on the
url ) without sending the Authorization header ( which is an expected
behavior )

問題似乎是云運行嘗試驗證 OPTIONS
請求并且永遠不會到達我的容器，據我所知，
不應該這樣做.(
https://www.w3.org/TR/cors/#cross-origin-request-with-preflight-0 )

The problem seems to be that cloud run tries to authenticate the OPTIONS
request and never makes it to my container, which, as far as I understand,
shouldn't be done. (
https://www.w3.org/TR/cors/#cross-origin-request-with-preflight-0 )

這是云運行的已知問題嗎?

Is that a known issue with cloud run ?

如何向經過身份驗證的云運行服務發出 ajax 請求?

How could I make an ajax request to an authenticated cloud run service ?

推薦答案

(Cloud Run PM)

(Cloud Run PM)

這是一個已知問題.有幾個選項:

This is a known issue. There are a few options:

1. 允許未經身份驗證的請求并自行執行 CORS/身份驗證

1. Allow unauthenticated requests and do CORS/auth yourself

1. 使用 Cloud Endpoints 在Cloud Run 在您的計算機前運行.讓 Endpoints 對您的最終用戶進行身份驗證，然后將請求轉發到您的后端.

1. There is a variation of this that uses Cloud Endpoints running on Cloud Run in front of your compute. Have Endpoints do your end-user auth, then forward the request to your backend.

我們已經考慮實施 Istio CORSPolicy，它將在身份驗證檢查之前返回 CORS 標頭，盡管我們目前還沒有承諾.

We've considered implementing Istio CORSPolicy, which would return CORS headers before the auth check, though we're not committed to this as of now.

這篇關于對需要身份驗證的云運行服務的 Ajax 請求的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！