2 Answers
- Newest
- Most votes
- Most comments
0
When API Gateway responds to an authentication or authorization error before passing the request to Lambda, it doesn't include the CORS headers. That makes the browser think it's a CORS error, even though it's actually an authentication/authorization error. To ensure CORS headers are included in the authentication error response from API Gateway, follow these steps:
- Catch the Error in API Gateway
- Customize Gateway Responses
-
- In the Response Headers section, you can add the headers needed for CORS. For example, you might add:
-
- Access-Control-Allow-Origin with the value set to '*' or your specific domain.
-
- Access-Control-Allow-Credentials with the value true if needed.
-
- Any other headers you'd typically add for CORS responses?
- Response Mapping Templates
- Re-deploy Your API
0
Thanks for the quick answer!
Unfortunately i can't find the settings to do that. For Lambda proxy integrations it seems that i can only do a parameter mapping. I've tried it already but can't save it: "Operations on header access-control-allow-origin are restricted"
In the meantime i have found a workaround which works for me:
- Modified the cloud front distribution of my App and added a new origin and behavior.
- It forwards everything from /api/* to my api gateway. Since the requests are being done from the same domain, i have no CORS issues anymore.
- M2M requests are still directly targeting my api gateway since i don't need CORS headers in that case.
Thanks and regards
answered 9 months ago
Relevant content
- asked a year ago
- asked 8 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago