By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

403 CORS Error ONLY on work Laptop and not personal

0

Hi All, I am getting a 403 CORS error from an API Gateway endpoint ONLY when i use my work laptop. **On my personal laptop everything works fine. ** I checked the with the local IT team and they said there is no firewall policy or anything that prevents CORS. Also i tried installing and enabling chrome extension for CORS on my work laptop. It did not work.

Here is the error Access to fetch at 'xyz' from origin 'abc' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

In response header i see

x-amzn-errortype: ForbiddenException
access-control-allow-origin: *
access-control-allow-methods: PUT, GET, HEAD, POST, DELETE, OPTIONS
content-type: application/json
x-amzn-apigw-id: 12344..

The surprising thing is it happens only on work laptop, Has anyone faced this issue before?

Topics
ServerlessComputeFront-End Web & MobileNetworking & Content Delivery
Tags
AWS LambdaAmazon API GatewayAWS Cloud MapAWS Serverless Application RepositoryAmazon CloudFront
Language
English
rePost-User-4789307
asked 2 years ago1474 views
1 Answer
0

When you are calling the API from your personal laptop, it is going over the public internet while when you are calling it from your work laptop, it is possible that the request is going from your corporate network to AWS over DirectConnect or VPN. And possibly some other issue is manifesting itself as a CORS issue because the request is not going to your backend but instead a Gateway response is being returned by API Gateway and CORS has not been configured properly for Gateway responses. You can get more information by looking at the developer tools on your browser to check the request and response parameters for the failed API request. Can you check this AWS Support Knowledge Center article to ensure CORS is configured correctly for your API, including for Gateway responses - https://aws.amazon.com/premiumsupport/knowledge-center/api-gateway-cors-errors/#:~:text=Cross%2DOrigin%20Resource%20Sharing%20(CORS,to%20meet%20the%20CORS%20standard.

profile pictureAWS
EXPERT
Indranil Banerjee AWS
answered 2 years ago
  • rePost-User-4789307
    2 years ago

    Thank you, with AWS support i did confirm that issue was VPN. Once i turned off VPN, everything worked fine. The question i have is , is turning off VPN the only solution?

  • Indranil Banerjee AWS EXPERT
    2 years ago

    I am not sure why VPN would need to be turned off. VPN is a valid way to connect from on-prem network to AWS. Did AWS Support provide more details on what the real issue is? Are you using custom domain names for the API Gateway? The real problem is probably somewhere else and not in the use of VPN by itself?

  • rePost-User-4789307
    2 years ago

    Thank you for the response. yes we do use custom domain names. The other thing i noticed was the request from work laptop does not even reach the API gateway without turning off VPN. Checked using cloudwatch logs. What else you think could be the issue here? yes i agree turning off VPN is not the correct solution

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content