Access-Control-Allow-Origin header doesn't appear in response
0
Hi there!
I have a CORS problem with my application.
I have the following prerequisite:
- Application is creating by serverless framework
- route has lambda integration
- route has cognito authenticator
- route has response integration for 401 status "method.response.header.Access-Control-Allow-Origin": "'*'" and pattern "Unauthorized"
- route has response integration "Access-Control-Allow-Origin"
When I try to make request, I've got 401 response with body
{ "message": "Unauthorized" }
but header "Access-Control-Allow-Origin" doesn't exist in response
1 回答
- 最新
- 投票最多
- 评论最多
1
Hi,
I think that in this case you should add the Access-Control-Allow-Origin header at the predefined API Gateway response section and not in your API method response, since it is the gateway who is responding for authorization failure before your method is executed.
I have it for 401 status in tab "Method responses" enabled headers Access-Control-Allow-Origin
CloudFormationPart
{ "ResponseParameters": { "method.response.header.Access-Control-Allow-Origin": true }, "ResponseModels": {}, "StatusCode": "401" }Not on your method response, but in the API Gateway default responses. I recommend that you take a look at the link in the previous comment.
Thank you! Sorry, didn't read it carefully. But why, even if I put extra header in method response header still didn't present in response?
maybe response from authorizer avoid response integration step
Exactly, when the API fails because the authorizer or request validation, among others, your method is not executed and the API gateway returns the appropriate default response.