Reputation: 3970
How to bypass header from request into header in response in AWS API Gateway?
I have API Gateway endpoint, which is actually mock endpoint. What I am trying to do is to make API to take Origin header from request and return the same value in response as Access-Control-Allow-Origin header.
So far I've tried to do the following:
- Got to "Method Request" and add "Origin" header to the list
- In "Method Execution" I am trying to map Access-Control-Allow-Origin to method.request.header.Origin, but I am getting an error message
Invalid mapping expression specified: Validation Result: warnings : [], errors : [Invalid mapping expression specified: method.request.header.Origin]
Thanks!
Upvotes: 2
Views: 1724
Answers (2)
Reputation: 325
It can be done by input.param and context.responseOvverride methods
In Integration Response add a Mapping Template for proper Content-Type with a body like this:
#set($origin = $input.params('origin'))
#set($context.responseOverride.header.Access-Control-Allow-Origin = $origin)
It should look like this:
Of course, it can also be added via Cloud Formation and x-amazon-apigateway-integration. Example part of yaml:
x-amazon-apigateway-integration:
responses:
default:
statusCode: "200"
responseTemplates:
application/json: |
#set($origin = $input.params('origin'))
#set($context.responseOverride.header.Access-Control-Allow-Origin = $origin)
Hope that helps.
Upvotes: 0
Reputation: 1273
integration.request and integration.response only prepare the input to and output from the integration response. Therefore the integration request only supports additional input from the method.request and the integration response only supports additional input from the method response definitions.
Mapping the method.request parameters to method.response is currently not supported but definitely a valid and useful use case. I'll add it to our backlog, but unfortunately cannot commit to a timeline for when we plan on delivering this feature enhancement.
As a workaround, you could pass the Origin header to your integration endpoint which simply mirrors the input and passes it back to API Gateway. This way you should be able to return the value of the Origin request header as an Access-Control-Allow-Origin response header.
Hope this helps,
Jurgen, API Gateway
Upvotes: 4
Related Questions
- API Gateway CORS: no 'Access-Control-Allow-Origin' header
- enabling CORS for AWS API gateway with the AWS CDK
- How to pass a querystring or route parameter to AWS Lambda from Amazon API Gateway
- Adding allow all to 'Access-Control-Allow-Origin' header in AWS Gateway response using CDK
- Get detailed error messages from AWS API Gateway Request Validator
- Can't use custom Request Headers on AWS API Gateway with CORS
- Fail to enable CORS for API Gateway functions
- request api gateway cors error