40

I get

enter image description here

While attempting to enable CORS on API Gateway, why is that and how do I resolve this? These functions are deployed using AWS SAM. But I notice if I create my own APIs via AWS Console this happens too

The errors looks like:

  • invalid model name specified application/json=Empty
  • invalid response status code specified

I found I seem to need to add an "Empty" response model myself?

Now, I get

Add Access-Control-Allow-Origin Integration Response Header Mapping to POST method (invalid response status code specified)

How do I resolve this?

Jiew Meng
  • 84,767
  • 185
  • 495
  • 805

4 Answers4

32

Firstly please select your root resource and select "Enable CORS". It will enable CORS to all methods. Ideally it should work. If in case it doesn't work Please add an empty json in the response as I have marked in the screenshot attached. I believe you don't have any default response header added in your OPTIONS method response (in Method Response ). Please refer screenshot

enter image description here

Vijayanath Viswanathan
  • 8,027
  • 3
  • 25
  • 43
  • 3
    I followed what you did and found that although in dev tools, I see OPTIONS as HTTP200, I still get "No 'Access-Control-Allow-Origin' header is present on the requested resource." – Jiew Meng Aug 26 '17 at 03:13
  • 1
    I think its because the OPTIONS route does not return the correct headers? What am I actually specifying in this screen? The "schema" that this route returns? How do I specify the values for those headers? I think this is the missing part – Jiew Meng Aug 26 '17 at 03:21
  • Ok found that after I do this and go back to integration response I can set values there. Now, I need to figure out how to automate this ... – Jiew Meng Aug 26 '17 at 03:34
  • The response headers aren't being returned from the Options request. How do you add values such as '*' to the Allow-Origin header? – Beanwah Dec 05 '18 at 16:15
  • 15
    This fixed 3 of 4 headers, but `Add Access-Control-Allow-Origin Integration Response Header Mapping to GET method` still fails :( – Dmitriy Popov Mar 10 '20 at 16:15
19

Create a new model from the left menu that you will call Empty and it works

empty model

MrLuje
  • 637
  • 6
  • 15
7

I had a CORS problem with API Gateway + Lambda and the above answers did not help me but I figured out I needed to add some headers information to my response code in my API.

I needed to add the res.statusCodeand the two headers.

// GET
// get all myModel
app.get('/models/', (req, res) => {
  const query = 'SELECT * FROM MyTable'
  pool.query(query, (err, results, fields) => {
    //...

    const models = [...results]
    const response = {
      data: models,
      message: 'All models successfully retrieved.',
    }
    //****** needed to add the next 3 lines
    res.statusCode = 200;
    res.setHeader('content-type', 'application/json');
    res.setHeader('Access-Control-Allow-Origin', '*');
    res.send(response)
  })
})
Ju66ernaut
  • 2,592
  • 3
  • 23
  • 36
  • This is the fix. Official Documentation: https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html – samairtimer Apr 08 '20 at 12:09
0

2020 answer: Nowadays, there's an option called HTTP API when creating an API in the dashboard. For this type, I've found the CORS configuration to be much easier. If you have a working API of this type, you just have to click "CORS" under "Develop" in the sidebar, and then add '*' under Access-Control-Allow-Origin.

Tobias Feil
  • 2,399
  • 3
  • 25
  • 41
  • Good suggestion, may suit some cases, but it won't always be suitable: "REST APIs support more features than HTTP APIs, while HTTP APIs are designed with minimal features so that they can be offered at a lower price. Choose REST APIs if you need features such as API keys, per-client throttling, request validation, AWS WAF integration, or private API endpoints." [source](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-vs-rest.html) – Colm Bhandal Jul 07 '22 at 17:54