By using AWS re:Post, you agree to the Terms of Use

Questions about CORS on HTTP (Api Gateway V2) APIs: HTTP_PROXY integrations


The V2 Api Gateway documentation says: "You can enable CORS and configure authorization for any route of an HTTP API." Yet the command to set up CORS only operates on the API ID (aws apigatewayv2 update-api --api-id api-id --cors-configuration...) which seems counter to the statement?

Also, I don't quite understand how CORS applies to HTTP_PROXY integrations. It would make sense that CORS would be handled by the destination route. Indeed that seems to be the case. I route my proxy to and call it (through my ApiEndpoint) without setting up CORS. Given that, why would you want to set CORS on the proxy API? To handle cases where the destination doesn't support CORS?

Is there any more detailed documentation/examples on how this actually works? Or, examples of why your would want to apply your own CORS handling to proxy integrations?

1 Answer
Accepted Answer

Hi There

Looking at your documentation provided, it says:

When you enable CORS and authorization for the $default route, there are some special considerations. The $default route catches requests for all methods and routes that you haven't explicitly defined, including OPTIONS requests. Now, the CLI example provided is the basic for enabling CORS on the $default route, which takes care of all the other routes.

Looking at the documentation for the APIv2 CLI, you can use the --route-selection-expression parameter.

The route selection expression for the API. For HTTP APIs, the routeSelectionExpression must be ${request.method} ${request.path}. If not provided, this will be the default for HTTP APIs. This property is required for WebSocket APIs.

So if you would like to add CORS to a specific route, your CLI would look something like this:

aws apigatewayv2 update-api --api-id api-id --route-selection-expression ${request.method} ${request.path} --cors-configuration AllowOrigins=""

Hope that helps.

profile picture
answered 3 months ago
  • Thanks for taking the time to answer this. I'll make this the accepted answer as it's easy to test the two versions of aws apigatewayv2 update-api on an existing API.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions