我按照此步骤 doc 进行操作准确地说,但是在“入站处理”和代码 View 按钮“”下保存策略编辑器时出现此错误:
One or more fields contain incorrect values:
Error in element 'cors' on line 2, column 5: Policy section is not allowed in the specified scope
Error in element 'validate-jwt' on line 16, column 5: Policy section is not allowed in the specified scope
Error in element 'rate-limit-by-key' on line 24, column 5: Policy section is not allowed in the specified scope
这是代码:
<inbound>
<cors allow-credentials="true">
<allowed-origins>
<origin>https://devjohn1.z11.web.core.windows.net/</origin>
</allowed-origins>
<allowed-methods preflight-result-max-age="120">
<method>GET</method>
</allowed-methods>
<allowed-headers>
<header>*</header>
</allowed-headers>
<expose-headers>
<header>*</header>
</expose-headers>
</cors>
<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid." require-expiration-time="true" require-signed-tokens="true" clock-skew="300">
<openid-config url="https://devjohn1.b2clogin.com/devjohn1.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_myapp_frontend_devjohn1_signupandsignin" />
<required-claims>
<claim name="aud">
<value>56f39849-19eb-49d6-qweqw-123123123</value>
</claim>
</required-claims>
</validate-jwt>
<rate-limit-by-key calls="300" renewal-period="120" counter-key="@(context.Request.IpAddress)" />
<rate-limit-by-key calls="15" renewal-period="60" counter-key="@(context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()?.Subject)" />
</inbound>
可能出了什么问题?我只是按照步骤操作......
最佳答案
我尝试在我的环境中重现该问题,并得到了与下面相同的错误-
One or more fields contain incorrect values:
- Error in element 'cors' on line 2, column 10: Policy section is not allowed in the specified scope
- Error in element 'validate-jwt' on line 16, column 10: Policy section is not allowed in the specified scope
- Error in element 'rate-limit-by-key' on line 24, column 10: Policy section is not allowed in the specified scope
每当您尝试通过以下方式保存策略时,您都会收到错误
在 APIM 中创建新 API 后,单击入站策略代码编辑器
点击后,您将获得默认的策略模板。将您的入站策略粘贴到 <inbound></inbound> 内,保持其他标记不变。
对您现有的政策进行一些修改后,我可以保存它。将 <inbound></inbound> 保持在 <policies></policies> 之内。
<policies>
<inbound>
<cors allow-credentials="true">
<allowed-origins>
<origin>https://devjohn1.z11.web.core.windows.net/</origin>
</allowed-origins>
<allowed-methods preflight-result-max-age="120">
<method>GET</method>
</allowed-methods>
<allowed-headers>
<header>*</header>
</allowed-headers>
<expose-headers>
<header>*</header>
</expose-headers>
</cors>
<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid." require-expiration-time="true" require-signed-tokens="true" clock-skew="300">
<openid-config url="https://devjohn1.b2clogin.com/devjohn1.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_myapp_frontend_devjohn1_signupandsignin" />
<required-claims>
<claim name="aud">
<value>56f39849-19eb-49d6-qweqw-123123123</value>
</claim>
</required-claims>
</validate-jwt>
<rate-limit-by-key calls="300" renewal-period="120" counter-key="@(context.Request.IpAddress)" />
<rate-limit-by-key calls="15" renewal-period="60" counter-key="@(context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()?.Subject)" />
</inbound>
<backend>
<base />
</backend>
<outbound>
<base />
</outbound>
<on-error>
<base />
</on-error>
</policies>
关于Azure:按照官方文档设置 APIM 入站策略时抛出错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/76504917/