Martin Macak

Reputation: 3831

Managing CORS on AWS APIGW and Lambda Handlers

I have backend services implemented in AWS Lambda (AWS::Serverless::Function + AWS::Serverless::RestAPI).

Originally I thought that I would use API Gateway to handle all CORS headers, so my Lambda is pure and agnostic to networking, Origin and traffic. When we integrated with our FE, which is served from S3 via CloudFront, we encountered CORS problems, and the only way we can find is to add the following code into our Lambda handlers:

    resolve({
        statusCode: 200,
        headers: {
            'Content-Type': 'application/json',
            // wildcard: any origin may read this response
            'Access-Control-Allow-Origin': '*'
        },
        body: JSON.stringify({
            ...accountDefinition,
        }),
    });

which explicitly couples our code with the HTTP protocol and even with deployment and Origin location.

Is there any way to configure this setup without forcing this code into our Lambda? I really hoped that AWS API GW is capable of shielding us from CORS and other stuff so we are not forced to couple our code with Origin and other stuff.

Upvotes: 2

Views: 288

Answers (2)

MenyT

Reputation: 2265

API Gateway is able to handle CORS only in case you are not using proxy integration. If you are using proxy integration, API Gateway just passes what it gets from Lambda.

In Integration Request, disable the Use Lambda Proxy integration option,

or in the OpenAPI definition:

x-amazon-apigateway-integration:
    type: aws # not aws_proxy

Upvotes: 0
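
For the proxy-integration case described in the answer above, where API Gateway passes through whatever the Lambda returns, the CORS header can be kept out of the handler bodies with a wrapper that also replaces the `'*'` wildcard with an origin allowlist. This is an added example, not code from the question or the answers; `withCors`, `corsHeaders`, `getHeader`, `ALLOWED_ORIGINS`, `getAccount` and the origin `https://app.example.com` are assumptions.

```javascript
// Added example: CORS wrapper for Lambda proxy integration (all names are hypothetical).
// Constructed allowlist; in a deployment this would come from configuration,
// e.g. the CloudFront domain that serves the front end.
const ALLOWED_ORIGINS = ['https://app.example.com'];

// Header names can arrive in any case from API Gateway, so look them up case-insensitively.
function getHeader(headers, name) {
  const key = Object.keys(headers || {}).find((k) => k.toLowerCase() === name);
  return key ? headers[key] : undefined;
}

// Build the CORS headers for one request: echo the origin only if it is allowlisted.
function corsHeaders(origin, allowed = ALLOWED_ORIGINS) {
  const headers = { Vary: 'Origin' }; // caches must not reuse a response across origins
  if (origin && allowed.includes(origin)) {
    headers['Access-Control-Allow-Origin'] = origin;
  }
  return headers;
}

// Wrap a handler so business code returns plain results and never touches CORS.
function withCors(handler, allowed = ALLOWED_ORIGINS) {
  return async (event, context) => {
    const origin = getHeader(event.headers, 'origin');
    const response = await handler(event, context);
    return {
      ...response,
      headers: { ...(response.headers || {}), ...corsHeaders(origin, allowed) },
    };
  };
}

// Hypothetical handler standing in for the question's accountDefinition lookup.
const getAccount = async () => ({
  statusCode: 200,
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ id: 'constructed-account' }),
});

// This is what the function's Handler setting would point at.
const handler = withCors(getAccount);
```

A request from an origin outside the allowlist still gets the handler's response, but without `Access-Control-Allow-Origin`, so the browser refuses to expose it to that page.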

arbermejo

Reputation: 116

In my experience, AWS API Gateway is able to do what you need. I have done that using the following definition of the API Gateway linked to the Lambda Functions API Events:

ServerlessApi: 
    Type: AWS::Serverless::Api
    Properties:
      Cors:
        AllowCredentials: false
        AllowHeaders: "'*'"
        AllowMethods: "'*'"
        AllowOrigin: "'*'"
      EndpointConfiguration: 
        Type: REGIONAL
      Name: !Ref ApiName   
      StageName: !Ref Environment

Adjust the CORS fields to your needs.

You can see documentation of the API Gateway serverless resource here, and for this resource type you can see the Cors config specifically here.

Once these changes are applied, all of the endpoints of your API will have the CORS configs.

Hope that's what you are searching for.

Upvotes: 2
