具有身份验证Angular2的CORS AWS API网关

Question

my AWS API-Gateway is configured as Lambda Proxy. In Lambda i added the following Headers:

'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': '*',
'Access-Control-Allow-Headers': 'Content-Type,X-Amz-Date,Authorization,X-Api-Key'

First, everythink works fine with it. Now i added an Authorizer with CognitoUserPool and i get the following Error:

XMLHttpRequest cannot load https://xxx.eu-west-1.amazonaws.com/xxx/xxx. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access. The response had HTTP status code 401.

I think the problem is, that with Authentication my Lambdafunction is not invoked and so no Headers were set. I call the Endpoint from an Angular2 Application with

const headers = new Headers();
headers.append('Authorization', 'authtoken');
http.get('address...', headers);

But the headers were not set/append to the request because of any CORS-reasons i think.

Anyone an idea how can i solve this?

PS: I tried the "Enable Cors" feature of API-Gateway but that does not work.

Edit: I also have a "OPTIONS" Method in Gateway with Authentication, that responds with the Headers above.

Greetings

Answer 1

Is your Lambda Proxy function mapping to the ANY HTTP method type? If so, it may be attempting to perform authentication on the pre-flight ( OPTIONS ) request. If this is the case, try mapping your proxy function to POST , GET , etc. specifically.

Answer 2

I found the solution of the problem. It was not caused by API-Gateway. Problem was this code:

const headers = new Headers();
headers.append('Authorization', 'authtoken');
http.get('address...', headers);

The "get" needs a "RequestOptions"-object. It has to be:

const headers = new Headers();
headers.append('Authorization', 'authtoken');
const options = new RequestOptions({headers: headers});
http.get('address...', options);