AWS API Gateway - CORS “access-control-allow-origin” - multiple entries
I have a AWS Lambda instance that connects to a defined AWS API Gateway. If I enable CORS and give the access-control-allow-origin a definition of http:/
-
This has always been an annoyance with CORS if you want to enable several Origins.
The common workaround in other systems (e.g. express/nginx etc) is to:
- inspect the
Originheader sent by the browser - check it against a whitelist of origins
- if it matches, return the incoming
Originas theAccess-Control-Allow-Originheader, else return a placeholder (default origin)
This isn't possible using AWS-Gateway's autowired CORS support as uses a mock integration, it is however possible if you write your own code to process the
OPTIONSrequest.Below is example code written with lambda proxy integrations:
const allowedOrigins = [ "http://example.com", "http://example.com:8080", "https://example.com", "https?://[a-z]*.?myapp.com", "http://localhost:[0-9]*" ]; exports.handler = (event, context) => { const origin = event.headers.Origin || event.headers.origin; var goodOrigin = false; if (origin) { allowedOrigins.forEach( allowedOrigin => { if (!goodOrigin && origin.match(allowedOrigin)) { goodOrigin = true; } }); } context.succeed({ headers: { "Access-Control-Allow-Headers": "Accept,Accept-Language,Content-Language,Content-Type,Authorization,x-correlation-id", "Access-Control-Expose-Headers": "x-my-header-out", "Access-Control-Allow-Methods": "DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT", "Access-Control-Allow-Origin": goodOrigin ? origin : allowedOrigins[0] }, statusCode: 204 }); };Save this as a lambda function. To set this up in API-Gateway add an
OPTIONSmethod and for theIntegration RequestchooseLambda FunctionwithUse Lambda Proxy integrationticked.Of course the downside to this is that you are paying for the lambda functions, and calling the lambda function will probably be an extra 50ms latency over the mock integration.
- inspect the
加载中...
- 热议问题