Using CORS with AWS CDK and API Gateway

Question

I am trying to create an API Gateway REST API via AWS CDK:

  const api = new RestApi(scope, "MyProjectBackendAPI", {
    restApiName: "my-project-backend-api",
    deployOptions: {
      stageName: stage
    },
    defaultCorsPreflightOptions: {
      allowMethods: ['OPTIONS', 'POST'],
      allowOrigins: ['https://myproject.app', 'http://localhost:8080'],
    },
    domainName: {
      domainName: 'api.myproject.app',
      certificate: cert,
      basePath: stage == 'prod' ? '' : stage
    },
    disableExecuteApiEndpoint: true
  });

I've already enabled CORS as per this question , but when when I make a POST request (using fetch) from my either localhost:8080 or myproject.app , I still get the following CORS error in my browser console:

Access to fetch at 'https://api.myproject.app/beta/oauth' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. VM6:1

POST https://api.myproject.app/beta/oauth net::ERR_FAILED 200

Some related answers I've seen have implied that I need to return the CORS headers from my lambdas as well, but others have said that only the OPTIONS methods configured by CDK are sufficient. It doesn't make sense to me that I'd do the work to add preflight support, and then need to add that same functionality to all my POST requests as well, anyway.

I've also tried just using

allowMethods: Cors.ALL_METHODS,
allowOrigings: Cors.ALL_ORIGINS

and removing the defaultCorsPreflightOptions attribute entirely, but I still get the CORS error in my browser.

What am I missing?

Answer 1

There are couple of possible issues here:

1. If you have binaryMediaTypes enabled then CORS won't be sent
2. If you need CORS to be sent in any other requests except an OPTION one you need to send them by hand