Hi everyone,
I setup CORS using SAM a few weeks ago and it was working fine until I today. Now, I keep getting Access to XMLHttpRequest at 'abc' from origin 'xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I have this in my template.yaml file:
Globals:
Api:
Cors:
AllowMethods: "'GET,POST,OPTIONS'"
AllowHeaders: "'Content-Type'"
AllowOrigin: "'*'"
and in my lambda function, I'm returning the the headers like so:
return {
"statusCode": 200,
'headers': {
'Access-Control-Allow-Headers': 'Content-Type',
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'OPTIONS,GET'
},
"body": json.dumps(
{
"message": response,
}
),
}
but I'm still getting Access to XMLHttpRequest at 'abc' from origin 'xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
any time I try to hit that API from the frontend.
I also tried manually enabling CORS from the API Gateway, but it threw unspecified errors.
From reading other support posts, I thought maybe adding a 200 method response on the gateway would fix it, but that didn't change anything either, even after adding a model for the response with an accurate schema.
I didn't change anything with the headers so I don't know why it stopped working. I also tried clearing my cache and running from an incognito window to make sure my browser cache wasn't messing with anything. Any help would be much appreciated.
Edit: I forgot to mention, this API works fine when I run it locally using sam local start-api
. It only throws this error when it is deployed.
I am not. This lambda is only used for GET. I did try adding POST, but that didn't change anything