By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Requests to API Gateway fail with CORS error if I add headers.

0

I have an API gateway which is integrated with Lambda. It was working fine so far while accessing from my localhost, but after adding Authorization (or any other) headers to the request, I get the following errors Access to XMLHttpRequest at 'https://******.amazonaws.com/prod/api/chat?id=****' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status. Enter image description here

Here is the code snippet

const apiResponse = await axios.post(
          `https://******.amazonaws.com/prod/api/chat?id=${this.$route.params.p}`,
          response.data,
          {
            headers: {
              'Authorization': `Bearer some-token-here`,
            }
          }
        )

I believe my CORS configuration should allow headers through, but it doesn't work. Enter image description here Enter image description here Enter image description here Enter image description here

Please advise

  • hakanson
    a month ago

    The screenshots are too small / not readable to review if Access-Control-Allow-Headers includes "Authorization". Can you add those as text into the question?

Topics
ServerlessComputeFront-End Web & MobileNetworking & Content Delivery
Tags
AWS LambdaAmazon API Gateway
Language
English
vc2301
asked a month ago342 views
2 Answers
1

Hello,

The CORS error you're experiencing when adding headers is likely due to the configuration on AWS API Gateway not matching the requirements of your application's requests. Ensure that:

  1. CORS is enabled on your API Gateway.
  2. The Lambda function returns the necessary CORS headers if you're using Lambda Proxy Integration.
  3. The OPTIONS preflight response is correctly configured in API Gateway to include CORS headers.

After making any changes, redeploy your API for the updates to take effect. If the issue persists, verify the request headers and consult CloudWatch Logs for further debugging.

profile picture
Vitor Castellani
answered a month ago
profile picture
EXPERT
Osvaldo Marte
reviewed a month ago
1

This error might be occurring because your API Gateway is not configured to handle CORS for requests with custom headers like Authorization. When you add custom headers to your request, the browser sends a preflight request (an HTTP OPTIONS request) to the server to check if the actual request is allowed. Your API Gateway needs to respond to this preflight request with the appropriate CORS headers.

Solution: Enabling CORS for a REST API resource

profile picture
EXPERT
Osvaldo Marte
answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content