first post in over 6years.
So I have setup a AWS ApiGateway rest API. Its a simple API with one endpoint for a POST request. Works without issues.
However when I add my AWS WAF rule for Captcha to the protect the API Gateway I am getting cors errors. If I change the rule from Captcha to just allow no issues.
When I make the same API call from restninja.io with the Captcha token present in the header no issue. Everything works.
To give more background, I am trying the new Application Integration for WAF captcha which lets you render the captcha challenge on your own page instead of it being the page.
// this is how I initialize the Captcha challenge
AwsWafCaptcha.renderCaptcha(container, {
apiKey: "ApiKeyHere",
onSuccess: captchaExampleSuccessFunction,
onError: captchaExampleErrorFunction,
dynamicWidth: true,
skipTitle: true
});
// how I retrieve the token before my POST request
const token = await AwsWafIntegration.getToken();
// this is my API call using the AWS Waf Fetch wrapper
// the call works without Captcha rule being turned on and all the options being commented out, included it here just to show what I have been trying from the frontend side
const response = await (window as any).AwsWafIntegration.fetch(url, {
method: "POST",
// mode: "cors",
// cache: "no-cache",
// credentials: "include",
// headers: {
// "Content-Type": "application/json",
// // "X-Aws-Waf-Token": token,
// // "Cookie": `aws-waf-token=${token}`
// },
body: JSON.stringify(data),
});
I feel I am missing something super minor, as I mentioned earlier I am able to get it to work with restninja.io but have not been able to figure out what the difference is.
