2

I've setup an AWS lambda function which returns some data and then an API gateway a POST method , and then setup API gateway pointing to it (no authorization).

I want to allow access from any origin. I believe I've setup my CORS headers and api gateway appropriately, but I'm still getting a preflight response error.

I've added the headers to the lambda function:

exports.handler = async (event) => {


return   { 
    statusCode: 200, 
    headers: { 
        "Access-Control-Allow-Headers": "*",
        "Access-Control-Allow-Origin": "*",
        "Access-Control-Allow-Methods": "*",
        "Access-Control-Allow-Credentials": true,
        'Content-Type': 'application/json' 
    }, 
    body: JSON.stringify({})
}

};

In API gateway, I've enabled CORS which created the OPTIONS method for the preflight response using MOCK integration type.

CORS enabled

I've confirmed my POST request works in postman.

However, on client side I get the preflight request error:

Access to fetch at '[API Gateway URL]' from origin 'MY WEBSITE' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

Checking the network log, the OPTIONS endpoint is returning HTTP 500 error and I cant figure out what is wrong with my configuration in API gateway. The endpoint returns 200 when I test it in API gateway. Am I missing some configuration step to configure CORS?

enter image description here

Improve this question
1
  • Hi corycorycory, did you found any solution/alternative? Commented Jul 13, 2023 at 15:42

1 Answer 1

Reset to default
5

Finally, found the implementation steps from the the AWS API gateway docs. I integrated the same and it is working as expected.

As per docs, we have to create dedicated route to manage preflight request when we configured CORS in the API Gateway.

Here are the high level steps to "Configuring CORS for an HTTP API"

  1. Create dedicated route with "OPTIONS" method
  2. Route name should "/{proxy+}"
  3. Make sure other route not configured with "ANY" method. Otherwise priority will go which the route configured with "ANY" method
  4. Don't attach any authentication with the above route
  5. Create dedicated lambda function for the route to return 200 response code and attach it in the integration of the route (refer the below screen shots)
  6. Add the code like below in the lambda function

export const handler = async (event) => {
    const response = {
        statusCode: 200,
        headers: {
            "Access-Control-Allow-Headers" : "Content-Type",
            "Access-Control-Allow-Origin": "https://www.example.com",
            "Access-Control-Allow-Methods": "OPTIONS,POST,GET"
        },
        body: JSON.stringify('Hello from Lambda!'),
    };
    return response;
};

Please refer here for more about the headers.

FYR, Attached screenshot of the API Gateway route

enter image description here

Preflight Request Handler (Lambda function)

enter image description here

Preflight request success in the application

enter image description here

For more details about the implementation refer here.

About API routing refer here

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.