
I did the CORS configuration in the response header of my API correctly.

When I tested my API via Postman with a validated token attached in the header ('Authorization'), it returned 200.

I checked my frontend fetch code that requests that API, and it seems that there is no error or fault.

How can this happen? Has anyone suffered from the same thing I'm struggling with now?

Added:

My frontend fetch code looks like this.

export const getDoc = async (docId, token) => {
    const path = `${apiGateway.URL}`;
    const body = {
        docId: docId
    };
    const headers = {
        Authorization: token,
        'Content-Type': 'application/json'

    };
    const result = await fetch(path, {
        body,
        headers,
    });
    if (result.status !== 200) {
        throw new Error('failed to get doc');
    }
    return result.json();
};
  • @VijayanathViswanathan Of course, I've done the fundamental CORS configuration in API Gateway. As I mentioned above, the API call succeeds in Postman, but it doesn't work in my frontend code. – Byoungjun Roy Choi Oct 12 '17 at 17:52
  • Both the 'Authorization' request header and the 'Content-Type: application/json' trigger your browser to do a preflight. So the problem is exactly what I described in my previous comment: You need to reconfigure the server to not require authorization for OPTIONS requests. The reason is, the browser doesn’t send the Authorization request header when it makes that preflight OPTIONS request. The reason it doesn’t is because the entire purpose of that OPTIONS request is for the browser to ask the server, Do you allow cross-origin requests that have the Authorization header? – sideshowbarker Oct 12 '17 at 21:29
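
The exchange described in the comment above, modelled as an added example (not code from the question or from API Gateway). The origin, the token value and the `server`/`browserRequest` helpers are constructed for illustration, and the preflight rule is a simplified form of the browser's.

```javascript
// Added example: a model of the browser/server exchange, not the asker's API.
// Origin, token value and handler shape are constructed for illustration.
const SAFE_METHODS = ['GET', 'HEAD', 'POST'];
const SAFE_HEADERS = ['accept', 'accept-language', 'content-language'];
const SAFE_CONTENT_TYPES = ['application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain'];

// Simplified Fetch rule: which request headers force a preflight?
// An empty list together with a safe method means no preflight is sent.
function preflightHeaders(headers) {
  return Object.entries(headers)
    .filter(([name, value]) => {
      const n = name.toLowerCase();
      if (n === 'content-type') return !SAFE_CONTENT_TYPES.includes(value.split(';')[0].trim().toLowerCase());
      return !SAFE_HEADERS.includes(n);
    })
    .map(([name]) => name.toLowerCase());
}

// Server model. authOnOptions=true is the misconfiguration: the authorizer also guards OPTIONS.
function server(req, { authOnOptions }) {
  const cors = {
    'access-control-allow-origin': 'https://app.example',
    'access-control-allow-headers': 'authorization,content-type',
    'access-control-allow-methods': 'GET,POST,OPTIONS',
  };
  const authed = req.headers.authorization === 'valid-token';
  if (req.method === 'OPTIONS') {
    return !authOnOptions || authed ? { status: 204, headers: cors } : { status: 401, headers: {} };
  }
  return { status: authed ? 200 : 401, headers: cors };
}

// Browser model: the preflight carries no Authorization header, only the names being asked about.
function browserRequest(method, headers, config) {
  const extra = preflightHeaders(headers);
  if (extra.length > 0 || !SAFE_METHODS.includes(method)) {
    const pre = server({
      method: 'OPTIONS',
      headers: {
        origin: 'https://app.example',
        'access-control-request-method': method,
        'access-control-request-headers': extra.join(','),
      },
    }, config);
    if (pre.status < 200 || pre.status > 299) return { blockedAtPreflight: true, status: pre.status };
  }
  const lower = Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  return { blockedAtPreflight: false, status: server({ method, headers: lower }, config).status };
}
```

Calling `server` directly with the token corresponds to the Postman test, which sends no preflight; `browserRequest` with the same headers fails at the OPTIONS step until `authOnOptions` is false.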

1 Answer


You should just enter "Authorization" into the "Token Source" field, NOT 'method.request.headers.Authorization'. Otherwise, you will get a 401 error.

Vijayanath Viswanathan