j3d

Reputation: 9734

AWS - How to enable CORS for Lambda Function

I'm trying to enable CORS for a Lambda function written in Go and below are my configuration and code.

Here's my SAM config...

  AuthBindApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      Cors:
        AllowOrigin: "'*'"
        AllowMethods: "'POST,OPTIONS'"
        AllowHeaders: "'X-Amz-Date,X-Api-Key,X-Amz-Security-Token,X-Requested-With,X-Auth-Token,Referer,User-Agent,Origin,Content-Type,Authorization,Accept,Access-Control-Allow-Methods,Access-Control-Allow-Origin,Access-Control-Allow-Headers'"
      Auth:
        DefaultAuthorizer: CognitoAuthorizer
        Authorizers:
          CognitoAuthorizer:
            UserPoolArn: !GetAtt CognitoUserPool.Arn

  AuthBindFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: functions/auth/bind
      Handler: bind
      Runtime: go1.x
      Tracing: Active
      Policies:
        - DynamoDBCrudPolicy:
            TableName: !Ref AuthInfoTable
        - Version: "2012-10-17"
          Statement:
            - Effect: "Allow"
              Action: "cognito-identity:GetOpenIdTokenForDeveloperIdentity"
              Resource: "*"
      Events:
        ApiEvent:
          Type: Api
          Properties:
            Path: /auth/bind
            Method: POST
            RestApiId: !Ref AuthBindApi
            Auth:
              Authorizer: CognitoAuthorizer
        Options:
          Type: Api
          Properties:
            Path: /auth/bind
            Method: OPTIONS
            RestApiId: !Ref AuthBindApi

... and here's my lambda:

func handler(ctx context.Context, req events.APIGatewayProxyRequest) (events.APIGatewayProxyResponse, error) {
    ...

    return events.APIGatewayProxyResponse{
        Headers: map[string]string{
            "Access-Control-Allow-Origin":  "*",
            "Access-Control-Allow-Methods": "POST,OPTIONS",
            "Access-Control-Allow-Headers": "X-Amz-Date,X-Api-Key,X-Amz-Security-Token,X-Requested-With,X-Auth-Token,Referer,User-Agent,Origin,Content-Type,Authorization,Accept,Access-Control-Allow-Methods,Access-Control-Allow-Origin,Access-Control-Allow-Headers",
        },
        StatusCode: http.StatusOK,
    }, nil
}

I've also tried to specify all possible HTTP methods... but I always get the following error message:

Access to XMLHttpRequest at 'https://lc5zxsnfg5.execute-api.eu-west-1.amazonaws.com/Prod/bind' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I've been struggling for 2 days now and any hints would be really appreciated.

Upvotes: 2

Views: 2701

Answers (1)

j3d

Reputation: 9734

Here's the working configuration:

  AuthBindApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      Cors:
        AllowOrigin: "'*'"
        AllowMethods: "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'"
        AllowHeaders: "'X-Amz-Date,X-Api-Key,X-Amz-Security-Token,X-Requested-With,X-Auth-Token,Referer,User-Agent,Origin,Content-Type,Authorization,Accept,Access-Control-Allow-Methods,Access-Control-Allow-Origin,Access-Control-Allow-Headers'"
      Auth:
        DefaultAuthorizer: CognitoAuthorizer
        Authorizers:
          CognitoAuthorizer:
            UserPoolArn: !GetAtt CognitoUserPool.Arn

  AuthBindFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: functions/auth/bind
      Handler: bind
      Runtime: go1.x
      Tracing: Active
      Policies:
        - DynamoDBCrudPolicy:
            TableName: !Ref AuthInfoTable
        - Version: "2012-10-17"
          Statement:
            - Effect: "Allow"
              Action: "cognito-identity:GetOpenIdTokenForDeveloperIdentity"
              Resource: "*"
      Events:
        ApiEvent:
          Type: Api
          Properties:
            Path: /auth/bind
            Method: POST
            RestApiId: !Ref AuthBindApi
            Auth:
              Authorizer: CognitoAuthorizer

Don't ask me why... but putting all the HTTP methods in AllowMethods did the trick:

AllowMethods: "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'"

Upvotes: 1
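
An added example, not part of the original question or answer: the handler in the question returns `Access-Control-Allow-Origin: *` to every caller, whereas this variant echoes the request's origin only when it is on an allow-list, which restricts the browser origins that can read the API's responses. The names `allowedOrigins`, `lookup` and `corsHeaders`, the placeholder origin `https://app.example.com`, and the shortened header list are assumptions; the maps have the same `map[string]string` shape as the `Headers` fields of `events.APIGatewayProxyRequest` and `events.APIGatewayProxyResponse`.

```go
package main

import (
	"fmt"
	"strings"
)

// Assumed allow-list: http://localhost:4200 is the origin in the error message
// on this page; https://app.example.com is a placeholder for a deployed front end.
var allowedOrigins = map[string]bool{
	"http://localhost:4200":   true,
	"https://app.example.com": true,
}

// lookup finds a request header regardless of the case the client used.
func lookup(h map[string]string, name string) string {
	for k, v := range h {
		if strings.EqualFold(k, name) {
			return v
		}
	}
	return ""
}

// corsHeaders builds the CORS response headers for one request. preflight
// reports whether the caller should answer immediately (an OPTIONS preflight)
// instead of running the business logic.
func corsHeaders(method string, reqHeaders map[string]string) (out map[string]string, preflight bool) {
	// Vary keeps shared caches from serving one origin's answer to another.
	out = map[string]string{"Vary": "Origin"}
	preflight = method == "OPTIONS" && lookup(reqHeaders, "Access-Control-Request-Method") != ""
	origin := lookup(reqHeaders, "Origin")
	if !allowedOrigins[origin] {
		return out, preflight // no Allow-Origin header: the browser blocks the call
	}
	out["Access-Control-Allow-Origin"] = origin // echo the exact allow-listed origin
	if preflight {
		out["Access-Control-Allow-Methods"] = "POST,OPTIONS"
		out["Access-Control-Allow-Headers"] = "Content-Type,Authorization"
		out["Access-Control-Max-Age"] = "600"
	}
	return out, preflight
}

func main() {
	// Constructed sample: the preflight a browser sends before the POST.
	h, pre := corsHeaders("OPTIONS", map[string]string{
		"origin": "http://localhost:4200", "access-control-request-method": "POST"})
	fmt.Println(pre, h)
}
```
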
