Configure CORS response headers on AWS Lambda?

I'm trying to create a new service using AWS API Gateway, but I found out the browser automatically calls the OPTIONS method in order to obtain CORS information.

The problem is that AWS API Gateway does not offer a native way to configure CORS headers.

Is it possible to create a Lambda script in order to respond to the OPTIONS method?



Solution 1:[1]

If you have lambda-proxy enabled, you need to set the CORS headers manually:

module.exports.hello = function(event, context, callback) {

    const response = {
      statusCode: 200,
      headers: {
        "Access-Control-Allow-Origin" : "*", // Required for CORS support to work
        "Access-Control-Allow-Credentials" : true // Required for cookies, authorization headers with HTTPS
      },
      body: JSON.stringify({ "message": "Hello World!" })
    };

    callback(null, response);
};

https://serverless.com/framework/docs/providers/aws/events/apigateway#enabling-cors

Solution 2:[2]

Here is a sample, I hope this helps you:

...
    return {
        statusCode: 200,
        headers: {
            "Access-Control-Allow-Headers" : "Content-Type",
            "Access-Control-Allow-Origin": "*", // Allow from anywhere 
            "Access-Control-Allow-Methods": "GET" // Allow only GET request 
        },
        body: JSON.stringify(response)
    }
}

For more information please check this link: https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html

Solution 3:[3]

If you're using jQuery $.ajax, it will send the X-Requested-With header with the POST following the OPTIONS request, so when setting up your OPTIONS access-control-accept-headers on AWS API you need to make sure to include that header, X-Requested-With, along with the others.

Solution 4:[4]

I have a solution for HTTP API Gateway with the ANY method. If you use an authorizer on the ANY method, your authorizer will reject the OPTIONS request as it doesn't contain an Authorization/Bearer token. The solution is simple: next to the ANY route, create an OPTIONS route with the very same path and no authorizer, pointing to the Lambda function. Then in the Lambda, add

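// Headers returned for the unauthenticated OPTIONS (preflight) route
const headers = {
    "Content-Type": "application/json",
    "Access-Control-Allow-Origin": "*",
    "Cache-Control": "max-age=0, no-store, must-revalidate",
    Pragma: "no-cache",
    Expires: 0
};
// Empty 200 response in the Lambda proxy response format
const data = {
    multiValueHeaders: {},
    isBase64Encoded: false,
    statusCode: 200,
    headers: headers,
    body: ""
};
// Answer the preflight before any code that expects an Authorization token
if (event.httpMethod === "OPTIONS") {
    return context.done(undefined, data);
}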

This worked for me.
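Added example, not code from any of the answers above: a Lambda proxy handler that answers the OPTIONS preflight and echoes the request origin only when it is on an allowlist, since browsers refuse a credentialed response whose Access-Control-Allow-Origin is "*". The ALLOWED_ORIGINS set, the example.com origins and the function names are assumptions made for illustration.

```javascript
// Added example: allowlist-based CORS for a Lambda proxy integration.
// ALLOWED_ORIGINS and the sample origins are assumptions, not values from the page.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Header names arrive in mixed case (REST API) or lower case (HTTP API).
function getHeader(headers, name) {
  const key = Object.keys(headers || {}).find((k) => k.toLowerCase() === name);
  return key ? headers[key] : undefined;
}

// Return CORS headers only for an origin on the allowlist.
function corsHeaders(origin) {
  const headers = { Vary: "Origin" }; // caches must key on the Origin header
  if (origin && ALLOWED_ORIGINS.has(origin)) {
    headers["Access-Control-Allow-Origin"] = origin; // exact echo, never "*"
    headers["Access-Control-Allow-Credentials"] = "true";
    headers["Access-Control-Allow-Methods"] = "GET,POST,OPTIONS";
    headers["Access-Control-Allow-Headers"] =
      "Content-Type,Authorization,X-Requested-With";
    headers["Access-Control-Max-Age"] = "600";
  }
  return headers;
}

function handleRequest(event) {
  const headers = corsHeaders(getHeader(event.headers, "origin"));
  // REST API / payload 1.0 uses httpMethod; HTTP API payload 2.0 nests it.
  const method =
    event.httpMethod ||
    (event.requestContext && event.requestContext.http &&
      event.requestContext.http.method);
  if (method === "OPTIONS") {
    // Preflight: no body, and no CORS grant if the origin is not allowlisted.
    return { statusCode: 204, headers, body: "" };
  }
  return {
    statusCode: 200,
    headers: { ...headers, "Content-Type": "application/json" },
    body: JSON.stringify({ message: "Hello World!" }),
  };
}

// Lambda entry point (guarded so the file also loads outside CommonJS).
if (typeof module !== "undefined") {
  module.exports.handler = async (event) => handleRequest(event);
}
```

A request from an origin that is not on the list still gets a response, but without any Access-Control-Allow-* header, so the browser blocks the calling page from reading it.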

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 sqren
Solution 2 Thiago
Solution 3 jomamaxx
Solution 4 jacoor