4

I'm troubleshooting a CORS issue and am currently analyzing the preflight headers.

I'm using an "HTTP" API in aws apigateway (different from what apigateway calls a "REST" api) to connect to a lambda function using the "lambda function" apigateway integration type.

It seems that no matter what I set in the CORS menu for HTTP apis, the preflight Response just doesn't have the headers I think I've enabled.

enter image description here

In the image below from devtools network tab, it's clear that apigateway is responding (hence the apigw-requestid). However, I would expect the Access-Control-Allow-Origin header to be returned too. No such luck.

enter image description here

My $default stage is set to autodeploy.

I have a proper route and integration attached to the lambda, along with the proper http verb (POST in my case).

There's no authorization set.

I've tried returning the proper headers in my lambda itself, but as the aws documentation says, apigateway ignores them and writes its own stuff. (the lambda wasn't even contacted unless I added an OPTIONS route .. which seems unnecessary anyway)

Yes, there are many such questions here, but most direct you to apigateway "REST" apis, not "HTTP."

Improve this question
3
  • 4
    I found a workaround. Disable any CORS settings on the apigateway, set up an OPTIONS route in addition to my POST route. Then just handled all the headers inside the lambda itself. Why the CORS menu inside apigateway doesn't actually offer the headers you choose in its menus (yet still removes CORS headers from your lambda return) is still a mystery, but I'm sick of searching. Commented Sep 6, 2021 at 17:45
  • 2
    I have also solved the problem with separate OPTIONS route. For the fellow developers out there, don't use cors settings on HTTP API. Commented Dec 29, 2021 at 5:24
  • Wow, I've ran into the same issue repost.aws/questions/QUpGUTSs0cTaSjcxxtmCAxZQ/…. I'm pretty frustrated about this one. I would like understand why CORS in API Gateway doesn't work for HTTP gateways with Lambda integrations. In any case, does this mean for each of my routes I have to setup a OPTIONS route? @StayCool @hahuaz Commented Jan 4, 2024 at 15:54

1 Answer 1

Reset to default
0

I have also encountered this problem. I was using Axios and a GET request was working fine, but a PUT request was giving me a CORS error. I had configured CORS in the API Gateway exactly the same as you. Postman was working fine for PUT and GET.

I added the below to my lambda headers and added a route in API Gateway.

headers = {
    "Content-Type": "application/json",
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Methods": "OPTIONS, GET, PUT",
    "Access-Control-Allow-Headers": "*"
  };

Note that Access-Control-Allow-Methods could not be a * for Safari as it's not supported: Access Control Allow Methods.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.