Already configured CORS in my code, but after configuring Authorizer and calling API from frontend, getting CORS error.


I am trying to call my Lambda function API from the frontend; it was working fine until I added an authorizer to it.

But after adding the authorizer to it, I am getting the error below.

Note: I have configured CORS in my template and am passing the allowed origin in the response.

It works fine in Postman but gives an error in the browser.

CORS error in console:

Below is my CloudFormation template code:

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Transform": "AWS::Serverless-2016-10-31",
  "Description": "An AWS Serverless Application.",
  "Resources": {
    "MyApi": {
      "Type": "AWS::Serverless::Api",
      "Properties": {
        "StageName": "Prod",
        "Auth": {
          "DefaultAuthorizer": "MyCognitoAuthorizer",
          "AddDefaultAuthorizerToCorsPreflight": "false",
          "Authorizers": {
            "MyCognitoAuthorizer": {
              "UserPoolArn": myUserPoolARN,
              "Identity": {
                "Header": "Authorization"
              }
            }
          }
        }
      }
    },
    "Get": {
      "Type": "AWS::Serverless::Function",
      "Properties": {
        "Architectures": [
          "x86_64"
        ],
        "Handler": "InventoryManager::InventoryManager.Lambdas.GetPalletFunction::Getpallet",
        "Role": null,
        "Policies": [
          "AWSLambdaBasicExecutionRole", "AWSLambdaVPCAccessExecutionRole"
        ],
        "Events": {
          "RootGet": {
            "Type": "Api",
            "Properties": {
              "Path": "/GetPallet/{palletId}",
              "Method": "GET",
              "RestApiId": {
                "Ref": "MyApi"
              },
              "Auth": {
                "Authorizer": "MyCognitoAuthorizer",
                "AddDefaultAuthorizerToCorsPreflight": "false",
                "AuthorizationScopes": ["aws.cognito.signin.user.admin"]
              }
            }
          }
        }
      }
    },
    "PlacePalletFunction": {
      "Type": "AWS::Serverless::Function",
      "Properties": {
        "Architectures": [
          "x86_64"
        ],
        "Handler": "InventoryManager::InventoryManager.Lambdas.PlacePalletFunction::PlacePallet",
        "Role": null,
        "Policies": [
          "AWSLambdaBasicExecutionRole", "AWSLambdaVPCAccessExecutionRole"
        ],
        "Events": {
          "RootPost": {
            "Type": "Api",
            "Properties": {
              "Path": "/PlacePallet",
              "Method": "POST",
              "RestApiId": {
                "Ref": "MyApi"
              },
              "Auth": {
                "Authorizer": "MyCognitoAuthorizer",
                "AddDefaultAuthorizerToCorsPreflight": "false",
                "AuthorizationScopes": ["aws.cognito.signin.user.admin"]
              }
            }
          }
        }
      }
    }
  },
  "Globals": {
    "Api": {
      "Cors": {
        "AllowOrigin": "'*'",
        "AllowHeaders": "'Content-Type,Authorization'",
        "AllowMethods": "'POST,GET,OPTIONS'"
      }
    },
    "Function": {
      "Runtime": "dotnet6",
      "CodeUri": "",
      "MemorySize": 256,
      "Timeout": 30,
      "VpcConfig": {
        "SecurityGroupIds": [ { "Fn::ImportValue": "InventoryManagerSecurityGroup" } ],
        "SubnetIds": [
          { "Fn::ImportValue": "InventoryManagerFirstSubnet" },
          { "Fn::ImportValue": "InventoryManagerSecondSubnet" }
        ]
      }
    }
  },
  "Outputs": {
  }
}
   
1 Answer

Hi,

It works in Postman because a preflight request is only sent by browsers and not by tools like Postman.

Preflight requests use the OPTIONS type, so you may need to include the Origin and Access-Control-Request-Method headers.

As an example, use the following curl command, which asks the Lambda Function URL whether it can make a cross-origin request from http://example.com with an HTTP request method of POST:

curl --location --request OPTIONS '<YOUR FURL HERE>' \
--header 'Origin: http://example.com' \
--header 'Access-Control-Request-Method: POST' -v

EXPERT
answered a year ago
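
To help read the output of the curl preflight test in the answer above, this added example (not part of the original question or answer) applies the browser's preflight checks to two constructed OPTIONS responses. The function name `checkPreflight` and both sample responses are assumptions made for illustration.

```javascript
// Added example: applies the browser's CORS preflight checks to an OPTIONS response.
// Function name and sample responses are constructed for illustration.
function checkPreflight(request, response) {
  const headers = {};
  for (const [k, v] of Object.entries(response.headers)) headers[k.toLowerCase()] = v;
  const list = (name) =>
    (headers[name] || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
  const problems = [];

  // The preflight must return a 2xx status; a 401/403 fails it.
  if (response.status < 200 || response.status > 299) {
    problems.push(`preflight returned HTTP ${response.status}`);
  }
  const allowOrigin = headers["access-control-allow-origin"];
  if (allowOrigin !== "*" && allowOrigin !== request.origin) {
    problems.push("Access-Control-Allow-Origin does not match the page origin");
  }
  // GET, HEAD and POST are always permitted; other methods must be listed.
  const methods = list("access-control-allow-methods");
  const method = request.method.toLowerCase();
  if (!["get", "head", "post"].includes(method) && !methods.includes(method) && !methods.includes("*")) {
    problems.push(`method ${request.method} not allowed`);
  }
  // Every header named in Access-Control-Request-Headers must be allowed.
  // "*" never covers Authorization; it has to be listed by name.
  const allowed = list("access-control-allow-headers");
  for (const h of request.headers.map((x) => x.toLowerCase())) {
    const ok = allowed.includes(h) || (allowed.includes("*") && h !== "authorization");
    if (!ok) problems.push(`request header ${h} not allowed`);
  }
  return { allowed: problems.length === 0, problems };
}

// What the browser asks before GET /GetPallet/{palletId} with an Authorization header.
const request = { origin: "http://example.com", method: "GET", headers: ["Authorization"] };
// Constructed: OPTIONS rejected with 401 and no CORS headers.
const rejected = { status: 401, headers: { "Content-Type": "application/json" } };
// Constructed: OPTIONS answered with the values from the template's Globals.Api.Cors.
const answered = {
  status: 200,
  headers: {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Headers": "Content-Type,Authorization",
    "Access-Control-Allow-Methods": "POST,GET,OPTIONS",
  },
};
console.log(checkPreflight(request, rejected));
console.log(checkPreflight(request, answered));
```

A preflight that fails the status check, as in the first case, surfaces in the browser console as a CORS error, while the same call from Postman sends no preflight at all.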
