发表新帖
发表新帖

Configure CORS response headers on AWS Lambda?

后端 未结
关注
4 843
面向向阳花
面向向阳花 2020-12-10 01:22

I\'m trying to create a new service using AWS API Gateway, but I found out the browser automatically calls OPTIONS method in order to obtain CORS information.

The pr

相关标签:
4条回答
  • 日久生厌
    2020-12-10 02:11

    If you're using JQuery $.ajax, it will send the X-Requested-With with the POST following the OPTIONS request, so you need to make sure when setting up your OPTIONS access-control-accept-headers on AWS API to include that header: X-Requested-With along with the others.

    0 讨论(0)
  • 鱼传尺愫
    2020-12-10 02:17

    If you have lambda-proxy enabled, you need to set the CORS headers manually:

    module.exports.hello = function(event, context, callback) {

    const response = {
      statusCode: 200,
      headers: {
        "Access-Control-Allow-Origin" : "*", // Required for CORS support to work
        "Access-Control-Allow-Credentials" : true // Required for cookies, authorization headers with HTTPS
      },
      body: JSON.stringify({ "message": "Hello World!" })
    };

    callback(null, response);
};

    https://serverless.com/framework/docs/providers/aws/events/apigateway#enabling-cors

    0 讨论(0)
  • 别跟我提以往
    2020-12-10 02:22

    If you're using {proxy+} endpoint, you must handle CORS HTTP requests in the Lambda function. The implementation depends on the framework you're using. For Express, the easiest solution is to simply use Express CORS middleware.

    If you don't want to handle CORS requests by Lambda, try changing the settings of your Lambda Method to handle CORS on the API Gateway level.

    Here's a detailed official tutorial for CORS setup on AWS API Gateway.

    It's also critical that you allow header X-Api-Key in Access-Control-Allow-Headers otherwise auth won't work and you'll get errors.

    EDIT: In November 2015 the API Gateway team added a new feature to simplify CORS setup.

    0 讨论(0)
  • 别那么骄傲
    2020-12-10 02:26

    Here is a sample, I hope this helps you:

    ...
    return {
        statusCode: 200,
        headers: {
            "Access-Control-Allow-Headers" : "Content-Type",
            "Access-Control-Allow-Origin": "*", // Allow from anywhere 
            "Access-Control-Allow-Methods": "GET" // Allow only GET request 
        },
        body: JSON.stringify(response)
    }
}

    For more information please check this link: https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html

    0 讨论(0)
 看不清?
提交回复
热议问题