By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Questions about CORS on HTTP (Api Gateway V2) APIs: HTTP_PROXY integrations

0

The V2 Api Gateway documentation says: "You can enable CORS and configure authorization for any route of an HTTP API." Yet the command to set up CORS only operates on the API ID (aws apigatewayv2 update-api --api-id api-id --cors-configuration...) which seems counter to the statement?

Also, I don't quite understand how CORS applies to HTTP_PROXY integrations. It would make sense that CORS would be handled by the destination route. Indeed that seems to be the case. I route my proxy to http://httpbin.org and call it (through my ApiEndpoint) without setting up CORS. Given that, why would you want to set CORS on the proxy API? To handle cases where the destination doesn't support CORS?

Is there any more detailed documentation/examples on how this actually works? Or, examples of why your would want to apply your own CORS handling to proxy integrations?

Topics
ServerlessFront-End Web & MobileNetworking & Content Delivery
Tags
Amazon API Gateway
Language
English
Los Alamos Al
asked 2 years ago687 views
1 Answer
0
Accepted Answer

Hi There

Looking at your documentation provided, it says:

When you enable CORS and authorization for the $default route, there are some special considerations. The $default route catches requests for all methods and routes that you haven't explicitly defined, including OPTIONS requests. Now, the CLI example provided is the basic for enabling CORS on the $default route, which takes care of all the other routes.

Looking at the documentation for the APIv2 CLI, you can use the --route-selection-expression parameter.

The route selection expression for the API. For HTTP APIs, the routeSelectionExpression must be ${request.method} ${request.path}. If not provided, this will be the default for HTTP APIs. This property is required for WebSocket APIs.

So if you would like to add CORS to a specific route, your CLI would look something like this:

aws apigatewayv2 update-api --api-id api-id --route-selection-expression ${request.method} ${request.path} --cors-configuration AllowOrigins="https://www.example.com"

Hope that helps.

profile pictureAWS
SUPPORT ENGINEER
BazzieB_AWS
answered 2 years ago
  • Los Alamos Al
    2 years ago

    Thanks for taking the time to answer this. I'll make this the accepted answer as it's easy to test the two versions of aws apigatewayv2 update-api on an existing API.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content