1

I have scoured over 25 SO posts about this but cannot find a solution to my problem. I have an API Gateway with an HTTP API + route that utilizes a Lambda function integration. From SO posts and AWS documentation, I am reading conflicting information:

  1. From the AWS documentation, I see

If you configure CORS for an API, API Gateway automatically sends a response to preflight OPTIONS requests, even if there isn't an OPTIONS route configured for your API. For a CORS request, API Gateway adds the configured CORS headers to the response from an integration.

If you configure CORS for an API, API Gateway ignores CORS headers returned from your backend integration.

This is exactly what I did; I configured my CORS as follows: photo

However, I still get the errors:

Access to fetch at 'https://domain.execute-api.aws-region.amazonaws.com/dev/upload' from
 origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight 
request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is 
present on the requested resource. If an opaque response serves your needs, set the 
request's mode to 'no-cors' to fetch the resource with CORS disabled.

From Cloudwatch, I can see the requests being sent to the API, but for some reason the header isn't properly configured. I do not understand this because I thought API Gateway should handle OPTIONS pre-flight requests for HTTP APIs. I cannot find out what I'm doing wrong.

Improve this question
1
  • Add a route for OPTIONS /{proxy+} but do not add an integration, nor any authorizer. Commented Jul 4, 2024 at 13:41

2 Answers 2

Reset to default
4

I had a similar issue, the preflight response had no CORS headers. I noticed that the preflight request included the header: Access-Control-Request-Headers: Content-Type

As soon I added Content-Type to the list of Access-Control-Allow-Headers in the HTTP API configuration it worked for me.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

This was the problem I ran into. I had to set it lowercase. The javascript client was using the fetch command with Content-Type set. Without this, I had to make the Lambda handle the OPTIONS request, which wasn't ideal.
0

If you configure CORS for an API, API Gateway automatically sends a response to preflight OPTIONS requests

I think that rule doesn't work for the POST method, because I met the same issue. Then I tried to add an OPTIONS route manually, everything works well.

Route image

1

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.