Reputation: 341
Setting CORS via API Gateway for Serverless Architecture Model Proxy Endpoint
I am working on a C#/.Net serverless application using the AWS Visual Studio Toolkit, and I am having a bit of trouble figuring out what I am missing as far as CORS configuration. I based my project off of the ASP.Net example included with the toolkit, which configured API Gateway to have a single API endpoint that works as a proxy into the ASP.Net Web API framework.
In testing this application in chrome (serving a local node project) I am getting No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access.
I know this means I have to configure CORS on the API Gateway endpoint, but I seem to be missing something. I use the actions dropdown to enable CORS as such...
But I get some errors and the problem persists.
I used a chrome extension to disable CORS (temporarily) and have confirmed that the API endpoint works normally without CORS.
So what am I missing here? The examples of setting CORS online don't usually have instructions of a catch-all endpoint like this is set up to use, and even breaking GET into its own method didn't seem to help.
As an additional question, if there is some CORS configuration I am missing, is there a good way to get it integrated into the serverless.template file or some other automated deploy step?
Upvotes: 4
Views: 2380
Answers (3)
Reputation: 1
For the APIs to work properly two things must be done: 1. The options method must be correctly setup - usually done using a mock method on the API gateway. 2. The HTTP method implementations in your code must return the CORS header correctly. There are quite a few articles about this if you search.
For me the problem was Point 1; using the API Gateway 'Enable CORS' button did not work for me when I was developing API-Gateway Lambda integration using .NET Core. I also didn't find a way to add creation of the options method in the serverless.template file.
Here's another way to do it; after publishing the lambdas from CLI or VisualStudio, fire a PUT request on the API endpoint and pass a swagger definition which contains the options method defs and ensure you set the query param mode=merge. You can use PostMan to do this.
or
You use a DotNet utility which does the same thing explained here: http://sbytestream.pythonanywhere.com/blog/Enabling-APIGateway-CORS The source code is available on GitHub too.
Upvotes: 0
Reputation: 9
You need to have the header on your server as well as the api gateway. See this sample: - The cors header is applied to the static bucket website
https://www.codeproject.com/Articles/1178781/Serverless-Architecture-using-Csharp-and-AWS-Amazo
Upvotes: 0
Reputation: 2308
It has to do with your ANY proxy method. As stated here: http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html
Note When applying the above instructions to the ANY method in a proxy integration, any applicable CORS headers will not be set. Instead, you rely on the integration back end to return the applicable CORS headers, such as Access-Control-Allow-Origin
So you will have to make your backend API return the appropriate CORS headers.
Upvotes: 6
Related Questions
- HTTPApi + Serverless Framework + API Gateway CORS not working
- Serverless AWS Lambda CORS Error
- API Gateway: Can't Enable CORS
- CORS issues with Serverless Lambda and API Gateway
- CORS configuration in AWS API Gateway
- Resource blocked by CORS policy in Serverless API Gateway Lambda even though its set up
- serverless framework AWS REST API Gateway - 403 CORS error
- Serverless aws Cors setting
- How to Enable CORS for an AWS API Gateway Resource
- Serverless / AWS API Gateway CORS Unable to Access Headers