CODEWITHSUNDEEP
node.jsamazon-web-servicesaws-lambdaaws-api-gateway
Harry
Harry

Reputation: 1091

Can't access API with Lambda and API Gateway

I have an aws lambda function that returns the following response:

var responseBody = { cost: price };
var response = {
   statusCode: 200,
   headers: {
          "Access-Control-Allow-Origin": "*"
     },
    body: JSON.stringify(responseBody),
    isBase64Encoded: false
};

callback(null, response);

But I get the following error in my frontend Angular application.

Access to XMLHttpRequest at 'https://xxxxxxxxx.execute-api.us-east-1.amazonaws.com/dev/price' from origin 'http://127.0.0.1:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

Upvotes: 3

Views: 7882

Answers (3)

Brian S
Brian S

Reputation: 5785

It is years later, but I ran into this problem with an API deployed via CDK. Perhaps this will help someone else in my same situation.

If you are using an ANY route, instead try switching to specific method routes : [GET, PUT, POST, DELETE].

In my situation (when using an ANY route), the preflight for my POST was failing with the error:

...has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

When I switched from one ANY route to specific [GET, PUT, POST, DELETE] routes, my preflight, and POST requests both worked as expected.

Upvotes: 0

David Liao
David Liao

Reputation: 875

If you are using API Gateway HTTP APIs (not sure if this is relevant for the REST APIs):

Lets say I have an endpoint at /POST products. I had to add another endpoint at /OPTIONS products and integrate it with a simple Lambda function that just returns the HTTP 200 OK (or HTTP 204 No Content), and the "Access-Control-Allow-Origin": "*" header (or even better, specify the URL of your origin/client).

This is because browsers issue a preflight /OPTIONS request to the same endpoint, before issuing the actual request (see more), for all HTTP requests except GET and POST with certain MIME types (source).

Upvotes: 16

Axel
Axel

Reputation: 161

You need to enable CORS on your resource using API gateway, check this link to more information https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html

Upvotes: 1

Related Questions