-1

I tried to add CORS to my HTTP API and it does work for GET, POST, etc. but not for OPTIONS calls. What could be the reason?

It is a completely new HTTP API in AWS API Gateway. I added some hello world lambda function as a route and * as an allowed origin. I thought the whole point of OPTIONS calls is to send these headers...

Here is Postman requesting POST With POST

And here with OPTIONS enter image description here

This is my routes config enter image description here

And this is my CORS config enter image description here

Vector-Hector
  • 320
  • 1
  • 8
  • Proxy or non proxy? – Ermiya Eskandary Nov 06 '21 at 14:42
  • No proxy. The route is just `/` ANY – Vector-Hector Nov 06 '21 at 14:44
  • OPTIONS does not have CORS - what do you mean it works for GET & POST but not OPTIONS? Do GET/POST requests rreturn CORS errors? What's the actual issue? Can you add screenshots please? – Ermiya Eskandary Nov 06 '21 at 14:59
  • I added Postman screenshots. I expected the response of the OPTIONS request to also have a `access-control-allow-origin` header, so that my API works in browsers – Vector-Hector Nov 06 '21 at 15:37
  • Have you configured CORS in API Gateway to allow the OPTIONS method? Also, does your Lambda have appropriate return responses? – Minesh Barot Nov 06 '21 at 15:49
  • What do you mean with your first question? Where would I configure that? The only thing similar would be the `Access-Control-Allow-Methods` configuration, but that does not affect anything, no. My lambda just returns code 200 and some body. Does my lambda function have to handle the CORS headers? If so how and why? Whats the point of me configuring API Gateway then, if I have to implement it myself? – Vector-Hector Nov 06 '21 at 16:13
  • Can you please add screenshots of the API Gateway config please? – Ermiya Eskandary Nov 06 '21 at 17:25
  • Sure, if it helps you. I added routes and cors config. Do you need more? – Vector-Hector Nov 06 '21 at 17:36

1 Answers1

1

You should be able to easily add OPTIONS support for your API in your specification:

options:
  summary: CORS support
  description: |
    Enable CORS by returning correct headers
  tags:
    - CORS
  responses:
    200:
      description: Default response for CORS method
      headers:
        Access-Control-Allow-Origin:
          schema:
            type: string
        Access-Control-Allow-Methods:
          schema:
            type: string
        Access-Control-Allow-Headers:
          schema:
            type: string
      content: {}
  x-amazon-apigateway-integration:
    type: mock
    requestTemplates:
      application/json: |
        {
          "statusCode" : 200
        }
    responses:
      default:
        statusCode: '200'
        responseParameters:
          method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key'"
          method.response.header.Access-Control-Allow-Methods: "'*'"
          method.response.header.Access-Control-Allow-Origin: "'*'"
        responseTemplates:
          application/json: |
            {}

This should work for non proxy integrations and returns the correct headers directly from the API and not from the lambda. You may need to modify the response parameters to suit your needs.

For proxy integrations, you need to implement the response in the lambda function (https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html)

kgiannakakis
  • 103,016
  • 27
  • 158
  • 194
  • Thanks, but how do I import that properly? I tried adding it to my exported openapi config. The route was added, but no integration. When requesting the endpoint I get 204 No Content. – Vector-Hector Nov 06 '21 at 16:03