CODEWITHSUNDEEP
javascriptaws-lambdaaws-api-gatewayaxiosserverless-framework
John
John

Reputation: 3115

Serverless / AWS API Gateway CORS Unable to Access Headers

My function's config:

register:
  handler: handlers.register
  events:
    - http:
        integration: lambda-proxy
        path: register
        method: post
        cors: true

OPTIONS is returning these headers to the browser:

access-control-allow-credentials:false
access-control-allow-headers:Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent
access-control-allow-methods:OPTIONS,POST
access-control-allow-origin:*

My POST method is returning these headers to the browser:

access-control-allow-credentials:true
access-control-allow-headers:Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods:*
access-control-allow-origin:*
...
x-amzn-remapped-authorization:Bearer {MY_TOKEN}

I send back a response from my handler with an Authorization header containing Bearer {MY_TOKEN}. I'm still, however, unable to access x-amzn-remapped-authorization from my JS client using axios. All I get back in JS is content-type.

Upvotes: 2

Views: 839

Answers (1)

John
John

Reputation: 3115

Access-Control-Allow-Headers is returned in a preflight response (from OPTIONS) by the server (in this case, API Gateway) for specifying which headers the client can use when making a request.

Access-Control-Expose-Headers is specified in your handler's response indicating which headers you want the browser to expose to the client.

I added 'Access-Control-Expose-Headers': 'X-Amzn-Remapped-Authorization' to my handler's response and everything is now working as expected.

Upvotes: 2

Related Questions