[英]API Gateway CORS 204 error with CORS enabled in API Gateway and 'Access-Control-Allow-Origin: *' in lambda header
I have an API Gateway (HTTP) > Lambda > DynamoDB set up.我有一个 API 网关 (HTTP) > Lambda > DynamoDB 设置。 I can successfully do a PUT and GET request through Postman but I am receiving a CORS error when I try and do a PUT request through my browser.我可以通过 Postman 成功执行 PUT 和 GET 请求,但是当我尝试通过浏览器执行 PUT 请求时收到 CORS 错误。 I can successfully do a GET request through the browser.我可以通过浏览器成功发出 GET 请求。
A Post request through the browser returns通过浏览器的 Post 请求返回
Access to XMLHttpRequest at 'https://xxx.execute-api.eu-west-1.amazonaws.com/items' from origin 'http://localhost:5500' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I have enabled CORS on the API Gateway.我在 API 网关上启用了 CORS。 Automatic redeploy is on.自动重新部署已开启。 I have also redeployed manually just in case.我还手动重新部署以防万一。
I have also added `Access-Control-Allow-Origin' and 'Access-Control-Allow-Methods' to the headers in the lambda response.我还在 lambda 响应的标题中添加了“Access-Control-Allow-Origin”和“Access-Control-Allow-Methods”。 I have tried the lambda with and without these responses as I understand API Gateway should resolve the pre-flight request.我已经尝试了 lambda 有和没有这些响应,因为我了解 API 网关应该解决飞行前请求。 Both ways still return a CORS 204 error.两种方式仍然返回 CORS 204 错误。
const dynamo = new AWS.DynamoDB.DocumentClient();
exports.handler = async (event, context) => {
let body;
let statusCode = 200;
const headers = {
"Content-Type": "application/json",
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'OPTIONS,PUT,GET'
};
try {
switch (event.routeKey) {
case "GET /items":
// database call
case "PUT /items":
// databse put
default:
throw new Error(`Unsupported route: "${event.routeKey}"`);
}
} catch (err) {
statusCode = 400;
body = err.message;
} finally {
body = JSON.stringify(body);
}
return {
statusCode,
body,
headers
};
};
I believe I should be seeing my headers in Postman, but I am not.我相信我应该在 Postman 中看到我的标题,但我没有。 I know the API Gateway is updating because if I remove Access-Control-Allow-Origin in the API Gateway Console, my GET request also fails due to CORS.我知道 API 网关正在更新,因为如果我在 API 网关控制台中删除 Access-Control-Allow-Origin,我的 GET 请求也会由于 CORS 而失败。
I found the solution here: aws apigateway not returning expected preflight headers, CORS我在这里找到了解决方案: aws apigateway not return expected preflight headers, CORS
The solution was to not use API Gateway for CORS since it was simply not working.解决方案是不为 CORS 使用 API 网关,因为它根本不起作用。 I had to add an OPTIONS route and return the desired headers.我必须添加一个 OPTIONS 路由并返回所需的标题。
Frustrating since AWS docs say the following.令人沮丧,因为 AWS 文档说了以下内容。
If you configure CORS for an API, API Gateway automatically sends a response to preflight OPTIONS requests, even if there isn't an OPTIONS route configured for your API. For a CORS request, API Gateway adds the configured CORS headers to the response from an integration.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.