Access-Control-Allow-Origin header doesn't appear in response

0

Hi there!

I have a CORS problem with my application.

I have the following prerequisite:

  • Application is creating by serverless framework
  • route has lambda integration
  • route has cognito authenticator
  • route has response integration for 401 status "method.response.header.Access-Control-Allow-Origin": "'*'" and pattern "Unauthorized"
  • route has response integration "Access-Control-Allow-Origin"

When I try to make request, I've got 401 response with body

{ "message": "Unauthorized" }

but header "Access-Control-Allow-Origin" doesn't exist in response

Enter image description here

1 Antwort
1
Akzeptierte Antwort

Hi,

I think that in this case you should add the Access-Control-Allow-Origin header at the predefined API Gateway response section and not in your API method response, since it is the gateway who is responding for authorization failure before your method is executed.

profile picture
EXPERTE
beantwortet vor einem Monat
profile picture
EXPERTE
überprüft vor einem Monat
profile picture
EXPERTE
überprüft vor einem Monat
  • I have it for 401 status in tab "Method responses" enabled headers Access-Control-Allow-Origin

    CloudFormationPart

    { "ResponseParameters": { "method.response.header.Access-Control-Allow-Origin": true }, "ResponseModels": {}, "StatusCode": "401" }

  • Not on your method response, but in the API Gateway default responses. I recommend that you take a look at the link in the previous comment.

  • Thank you! Sorry, didn't read it carefully. But why, even if I put extra header in method response header still didn't present in response?

  • maybe response from authorizer avoid response integration step

  • Exactly, when the API fails because the authorizer or request validation, among others, your method is not executed and the API gateway returns the appropriate default response.

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen