英文:
Azure: Error thrown when following official doc to set up inbound policies for APIM
问题
我按照此 文档 上的步骤进行操作,但在保存策略编辑器下的 "入站处理" 和代码视图按钮 "</>" 时出现了以下错误:
一个或多个字段包含不正确的值:
元素 'cors' 中的错误,位于第2行,第5列:策略部分不允许在指定的范围内
元素 'validate-jwt' 中的错误,位于第16行,第5列:策略部分不允许在指定的范围内
元素 'rate-limit-by-key' 中的错误,位于第24行,第5列:策略部分不允许在指定的范围内
以下是代码:
<inbound>
<cors allow-credentials="true">
<allowed-origins>
<origin>https://devjohn1.z11.web.core.windows.net/</origin>
</allowed-origins>
<allowed-methods preflight-result-max-age="120">
<method>GET</method>
</allowed-methods>
<allowed-headers>
<header>*</header>
</allowed-headers>
<expose-headers>
<header>*</header>
</expose-headers>
</cors>
<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid." require-expiration-time="true" require-signed-tokens="true" clock-skew="300">
<openid-config url="https://devjohn1.b2clogin.com/devjohn1.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_myapp_frontend_devjohn1_signupandsignin" />
<required-claims>
<claim name="aud">
<value>56f39849-19eb-49d6-qweqw-123123123</value>
</claim>
</required-claims>
</validate-jwt>
<rate-limit-by-key calls="300" renewal-period="120" counter-key="@(context.Request.IpAddress)" />
<rate-limit-by-key calls="15" renewal-period="60" counter-key="@(context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()?.Subject)" />
</inbound>
可能出了什么问题?我只是按照步骤进行操作...
英文:
I followed steps on this doc precisely, but got this error when saving the policy editor Under "Inbound processing" and code view button "</>":
One or more fields contain incorrect values:
Error in element 'cors' on line 2, column 5: Policy section is not allowed in the specified scope
Error in element 'validate-jwt' on line 16, column 5: Policy section is not allowed in the specified scope
Error in element 'rate-limit-by-key' on line 24, column 5: Policy section is not allowed in the specified scope
here is the code:
<inbound>
<cors allow-credentials="true">
<allowed-origins>
<origin>https://devjohn1.z11.web.core.windows.net/</origin>
</allowed-origins>
<allowed-methods preflight-result-max-age="120">
<method>GET</method>
</allowed-methods>
<allowed-headers>
<header>*</header>
</allowed-headers>
<expose-headers>
<header>*</header>
</expose-headers>
</cors>
<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid." require-expiration-time="true" require-signed-tokens="true" clock-skew="300">
<openid-config url="https://devjohn1.b2clogin.com/devjohn1.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_myapp_frontend_devjohn1_signupandsignin" />
<required-claims>
<claim name="aud">
<value>56f39849-19eb-49d6-qweqw-123123123</value>
</claim>
</required-claims>
</validate-jwt>
<rate-limit-by-key calls="300" renewal-period="120" counter-key="@(context.Request.IpAddress)" />
<rate-limit-by-key calls="15" renewal-period="60" counter-key="@(context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()?.Subject)" />
</inbound>
What can be wrong? I was just following the steps....
答案1
得分: 1
我已经尝试在我的环境中重现了这个问题,并获得了与下面相同的错误-
> 一个或多个字段包含不正确的值:
> - 第2行,第10列的'cors'元素中存在错误:在指定的范围内不允许策略部分
> - 第16行,第10列的'validate-jwt'元素中存在错误:在指定的范围内不允许策略部分
> - 第24行,第10列的'rate-limit-by-key'元素中存在错误:在指定的范围内不允许策略部分
每当您尝试以以下方式保存策略时,都会收到错误消息
在创建了新的API后,单击APIM中的入站策略代码编辑器
单击后,您将获得默认的策略模板。将入站策略粘贴到<inbound></inbound>标记中,保持其他标记不变。
在对现有策略进行了一些修改之后,我能够保存它。将<inbound></inbound>保留在<policies></policies>中。
<policies>
<inbound>
<cors allow-credentials="true">
<allowed-origins>
<origin>https://devjohn1.z11.web.core.windows.net/</origin>
</allowed-origins>
<allowed-methods preflight-result-max-age="120">
<method>GET</method>
</allowed-methods>
<allowed-headers>
<header>*</header>
</allowed-headers>
<expose-headers>
<header>*</header>
</expose-headers>
</cors>
<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid." require-expiration-time="true" require-signed-tokens="true" clock-skew="300">
<openid-config url="https://devjohn1.b2clogin.com/devjohn1.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_myapp_frontend_devjohn1_signupandsignin" />
<required-claims>
<claim name="aud">
<value>56f39849-19eb-49d6-qweqw-123123123</value>
</claim>
</required-claims>
</validate-jwt>
<rate-limit-by-key calls="300" renewal-period="120" counter-key="@(context.Request.IpAddress)" />
<rate-limit-by-key calls="15" renewal-period="60" counter-key="@(context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()?.Subject)" />
</inbound>
<backend>
<base />
</backend>
<outbound>
<base />
</outbound>
<on-error>
<base />
</on-error>
</policies>
英文:
I have tried to reproduce the issue at my environment and got the same error as below-
> One or more fields contain incorrect values:
> - Error in element 'cors' on line 2, column 10: Policy section is not allowed in the specified scope
> - Error in element 'validate-jwt' on line 16, column 10: Policy section is not allowed in the specified scope
> - Error in element 'rate-limit-by-key' on line 24, column 10: Policy section is not allowed in the specified scope
Whenever you will try to save the policies in the following manner, you will be get the error
After creating the new API in APIM click on the inbound policy code editor
After clicking, you will get the default policy template. Paste your inbound policies within <inbound></inbound> keeping other tags as is.
After few modification in your existing policy, I am able to save it. Keep <inbound></inbound> within <policies></policies>.
<policies>
<inbound>
<cors allow-credentials="true">
<allowed-origins>
<origin>https://devjohn1.z11.web.core.windows.net/</origin>
</allowed-origins>
<allowed-methods preflight-result-max-age="120">
<method>GET</method>
</allowed-methods>
<allowed-headers>
<header>*</header>
</allowed-headers>
<expose-headers>
<header>*</header>
</expose-headers>
</cors>
<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid." require-expiration-time="true" require-signed-tokens="true" clock-skew="300">
<openid-config url="https://devjohn1.b2clogin.com/devjohn1.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_myapp_frontend_devjohn1_signupandsignin" />
<required-claims>
<claim name="aud">
<value>56f39849-19eb-49d6-qweqw-123123123</value>
</claim>
</required-claims>
</validate-jwt>
<rate-limit-by-key calls="300" renewal-period="120" counter-key="@(context.Request.IpAddress)" />
<rate-limit-by-key calls="15" renewal-period="60" counter-key="@(context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()?.Subject)" />
</inbound>
<backend>
<base />
</backend>
<outbound>
<base />
</outbound>
<on-error>
<base />
</on-error>
</policies>
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论