stackoom
  简体   繁体   中英

How to allow set-cookie to be sent in AWS HTTP API Gateway?

 原文  2021-07-03 12:53:28       node.js/ amazon-web-services/ express/ cookies/ aws-api-gateway

Question

Note: This question is not about AWS REST API Gateway, this question is about AWS HTTP API Gateway

My AWS HTTP API Gateway does not allow cookies to be passed. I am using

  1. express.js app on server hosted on ECS
  2. Have set cors as follows:

On HTTP API Gateway: 在此处输入图片说明

On the express.js server I have configured cors in the following way: In app.js

const cors = require("cors");
app.use(cors({
    credentials: true
}));

The response to requests are sent in following way:

const options = {
    maxAge: 900000,
    httpOnly: true,
    secure: true,
    sameSite: 'none'
};

res.status(200)
    .cookie("accessToken", accessToken, options)
    .json({});

When I remove HTTP API Gateway from being in between client and server, the client is receiving cookies properly. But when calls are made to API Gateway, response is throwing following error:

**Access to fetch at 'https://api.*****.**/login' from origin 'https://cookie.*****.**' has been blocked by CORS policy: Request header field custom_field_name is not allowed by Access-Control-Allow-Headers in preflight response.**

^ How do I resolve this error?

Here is the preflight request and its response from developer console > network

GENERAL

Request URL: https://api.*****.**/login
Request Method: OPTIONS
Status Code: 204 
Remote Address: [64:ff9b::306:a6f7]:443
Referrer Policy: strict-origin-when-cross-origin

RESPONSE HEADERS

access-control-allow-headers: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
Access-Control-Allow-Origin: https://cookie.*****.**
access-control-max-age: 0
apigw-requestid: CIlgSiwhBcwEJyQ=
date: Thu, 08 Jul 2021 04:45:02 GMT

REQUEST HEADERS

:authority: api.*****.**
:method: OPTIONS
:path: /login
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
access-control-request-headers: custom_field_name,content-type
access-control-request-method: POST
origin: https://cookie.*****.**
referer: https://cookie.*****.**/
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

1 answers

solution1
 0  2021-07-06 18:49:56

https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors-console.html

Read point number 5 about Access-Control-Allow-Headers

That field has the list of allowed headers that you can pass through. You just need to add set-cookie to that list

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question API Gateway Set-Cookie with Lambda Proxy set-cookie AWS Serverless Set-Cookie header not being sent Set-Cookie not sended on HTTP response header Why is the Set-Cookie header not being sent? — using Restify in Node.js, how to get set-cookie value in a <meta http-equiv> tag Angularjs $http does not seem to understand “Set-Cookie” in the response How to read variable value sent over Http Post and Get on AWS API Gateway Lambda using Javascript(Node.js)? Set-Cookie sent by express-sessions is not being set on browser but works in local development Cookie in Set-Cookie header not being set
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM