ERROR Enabling AWS Gateway API CORS in nodejs via npm module @aws-sdk/client-api-gateway

0

Code i'm trying to run and Error that i'm getting. End result: I need to programmatically enable CORS on newly set up Lambda functions in API Gateway on ALL methods (GET, POST, PUT, DELETE). Lambda functions are setup elsewhere. I need to be able to specify the value for originating domain, for example https://store-fjg39dmf4s.mybigcommerce.com/

Error setting CORS headers: BadRequestException: Invalid mapping expression specified: Validation Result: warnings : [], errors : [Invalid mapping expression parameter specified: method.response.header.Access-Control-Allow-Methods]

Enter image description here

Following the example from here https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/api-gateway/command/PutIntegrationResponseCommand/ I'm not clear what format it's suppose to be in.

Enter image description here

Current Methods and Lambda set up on AWS

Enter image description here Enter image description here

2 Risposte
1

Hello,

To begin with your problem statement, I can see that you are trying to achieve to enable CORS programmatically on newly set up Lambda functions in API Gateway on ALL methods (GET, POST, PUT, DELETE). The Lambda functions are setup elsewhere. And you need to be able to specify the value for originating domain, but you are encountering "Error setting CORS headers: BadRequestException: Invalid mapping expression specified: Validation Result: warnings : [], errors : [Invalid mapping expression parameter specified: method.response.header.Access-Control-Allow-Methods]"

The error you’re encountering with the CORS headers in your AWS API Gateway configuration seems to be related to the mapping expressions. we can troubleshoot it step by step:

  1. Invalid Mapping Expression Parameter:
    • The error message indicates that there’s an issue with the mapping expression parameter method.response.header.Access-Control-Allow-Methods.
    • Double-check the syntax and ensure that it’s correctly specified.
  2. Method Response Headers:
    • Before defining headers in the integration response, make sure you’ve already defined them in the method response.
    • Headers should be set up in the method response before they are referenced in the integration response.
  3. Lambda Proxy Integration:
    • If you’re using Lambda proxy integration, add the 'Access-Control-Allow-Origin': '*' header directly to your Lambda function.
    • Alternatively, consider turning off Lambda proxy integration and enabling CORS again (then deploy).
  4. Swagger/OpenAPI Version:
    • Ensure that you’re using the correct version of Swagger/OpenAPI (e.g., 2.0 or 3.0.1).
    • If you’re mixing versions, it can lead to unexpected behaviour.
  5. Quotes and Asterisks:
    • When setting a value like '' for Access-Control-Allow-Origin, use double quotes within single quotes: "'""'"
    • For example: 'method.response.header.Access-Control-Allow-Origin': "'*'"
  6. Check Exported Swagger File:
    • Compare the exported Swagger file with what you see in the browser UI.
    • Confirm that the headers match between the two.

You can follow the below template for a proxy integration to omit any errors.

[+] https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html#apigateway-enable-cors-proxy : Enabling CORS for a REST API resource - Enabling CORS support for proxy integrations

This should ideally resolve the Invalid mapping expression parameter specified: method.response.header.Access-Control-Allow-Methods error.

If you want to allow all HTTP methods (GET, POST, PUT, DELETE), you can update the Access-Control-Allow-Methods value to include those methods, separated by commas: 'GET,POST,PUT,DELETE,OPTIONS'.

Second Scenario if you are using a Non Proxy Integration:

API Gateway creates an OPTIONS method and adds the Access-Control-Allow-Origin header to your existing method integration responses. This doesn’t always work, and sometimes you need to manually modify the integration response to return the Access-Control-Allow-Origin header for all CORS-enabled methods for at least all 200 responses.

To answer your other query "Following the example from here https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/api-gateway/command/PutIntegrationResponseCommand/ I'm not clear what format it's suppose to be in."

The AWS SDK for JavaScript v3 (AWS SDK v3) uses a different syntax for defining parameters compared to the previous versions of the SDK. The example you linked is showing the correct format for defining parameters for the PutIntegrationResponseCommand in the AWS SDK v3.

In the AWS SDK v3, you need to define the parameters as an object literal, where each property corresponds to a parameter of the command. The structure of the object follows the input shape defined in the API reference for the specific command.

For the PutIntegrationResponseCommand, the input shape is defined in the API reference: https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-api-gateway/interfaces/putintegrationresponseinput.html

Additionally in the error shared we can also see "errors : [Invalid mapping expression parameter specified: method.response.header.Access-Control-Allow-Methods]", typically occurs when you are trying to configure the Access-Control-Allow-Methods response header in an Amazon API Gateway API.

In case you have additional queries or follow-up queries or if the problem still persists regarding AWS API Gateway or Lambda, we may require details that are non-public information to assist you better. Please open a support case with AWS using the following link.

AWS
con risposta un mese fa
0

I didn't realize that with Proxy Integration CORS headers need to be specified in Lambda function directly. Thanks

Enter image description here

Yuriy
con risposta un mese fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande