I am trying to set an api key on iron-ajax client in a polymer app to consume an API Gateway endpoint of Amazon Web Services. On the server side(API Gateway) I enabled a wildcard on cors, also enabled x-api-key as header and granted credentials. When I run my client, I always get the same response in Chrome:
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access. The response had HTTP status code 403.
The network response is {"message": "Forbidden"}
I tried the following code, changing things in multiple ways, but I got nothing.
<iron-ajax
id="requestOpensource"
url='https://myservice.execute-api.eu-west-1.amazonaws.com/development/myservice'
method='GET'
headers = "{{ajaxParams}}"
handle-as="json"
content-type="application/json"
on-response="handleResponse"
with-credentials="true"
on-error="handleErrorResponse">
</iron-ajax>
</template>
<script>
Polymer({
is: 'my-view1',
properties: {
response: {
type: Object
},
apikey: {
type: String,
value: '12345'
},
ajaxParams: {
type: String,
computed: 'processParams(apikey)'
},
headers: {
type: Object,
computed: 'getHeaders(customHeader)'
},
customHeader: {
value: '12345'
}
},
getHeaders: function(customHeader) {
return {'X-API-Key': customHeader}
},
processParams: function(apikey) {
return {
key: apikey
}
},
ready: function () {
debugger
this.$.requestOpensource.headers['x-api-key'] = "12345"
//this.$.requestOpensource.headers['Access-Control-Allow-Origin'] = "*"
this.$.requestOpensource.generateRequest()
}
</script>
Also I used chrome plugin to enable cors but it is not a good solution for my customers (and also I got same response). I believe the problem is not setting properly the data on headers. But I read multiple forums and I dont know what to do next.
Thanks a lot for your responses!
