Reputation: 21
AWS CORS problem CLOUDFRONT <> APIGATEWAY
I am struggling with the CORS error.
- I've deployed a backend using APIGATEWAY. It works properly via POSTMAN at the https://APIGATEWAY_URL
- I've deployed a web app using CLOUDFRONT, and it works too, if I open the https://CLOUDFRONT_URL from the browser.
PROBLEM
The web app requests are blocked because of the CORS Problem. Access to XMLHttpRequest at '[APIGATEWAY_URL]' from origin ' [CLOUDFRONT_URL]' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Am I missing some configurations?
Thanks for help
Upvotes: 0
Views: 1347
Answers (2)
Reputation: 7069
For me, I had to do 2 things in order to fix this CORS issue. I was using Amazon API Gateway REST API with Lambda using Proxy integration.
First, you need to configure your API Gateway resource to implement an
OPTIONSmethod that can respond to theOPTIONSpreflight request with at least the following response headers mandated by the Fetch standard:- Access-Control-Allow-Methods
- Access-Control-Allow-Headers
- Access-Control-Allow-Origin
And this is how, I did it for one of my applications.
Second thing, if you are doing the proxy integration, then your backend is also responsible for returning the
Access-Control-Allow-OriginandAccess-Control-Allow-Headersheaders for all other requests of different types includingGET,PUT,POSTandDELETEexceptOPTIONS(since OPTIONS is already handled by the API Gateway).For me, it was a .NET Lambda function, so I did something like this.
builder.Services.AddCors(item => { item.AddPolicy("CORSPolicy", builder => { builder.WithOrigins("https://abcd.cloudfront.net") .AllowAnyMethod() .AllowAnyHeader(); }); });
You can find more details here - Enabling CORS for a REST API resource
Upvotes: 1
Reputation: 10734
Take a look at the CDK Script for the AWS example PAM application. This app successfully invokes an API Gateway endpoints using a React app that uses Cloud Front. This app demonstrates how to succesfully set up this configuration.
Backend is here:
https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/usecases/pam_source_files
CDK/Front end is here:
https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/resources/cdk/photo_asset_manager
Upvotes: 0
Related Questions
- Trying to use fetch and pass in mode: no-cors
- Why does my JavaScript code receive a "No 'Access-Control-Allow-Origin' header is present on the requested resource" error, while Postman does not?
- How to enable CORS in flask
- API Gateway CORS: no 'Access-Control-Allow-Origin' header
- No 'Access-Control-Allow-Origin' header is present on the requested resource—when trying to get data from a REST API
- CORS: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true
- What is the motivation behind the introduction of preflight CORS requests?
- No 'Access-Control-Allow-Origin' - Node / Apache Port Issue
- Response to preflight request doesn't pass access control check - No 'Access-Control-Allow-Origin' header
- AWS CloudFront: Font from origin has been blocked from loading by Cross-Origin Resource Sharing policy