sparse-tomato-56640
10/17/2019, 6:40 PMnew awsx.apigateway.API(`firebaseAuth-${stack}`, {
routes: [
{
path: '/',
method: 'POST',
apiKeyRequired: true,
eventHandler: new aws.lambda.CallbackFunction(`firebaseAuth-${stack}`, {
callback: (event, _, cb) =>
cb(null, {
statusCode: 200,
headers: {
'Access-Control-Allow-Origin': '*',
},
body: handler(event),
}),
}),
},
],
})
Is there a simple way to add cors headers to the preflight response in the awsx implementation?stocky-island-3676
10/17/2019, 7:50 PMgatewayResponses
field -> https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/awsx/apigateway/#APIArgs-gatewayResponsesminiature-musician-31262
10/17/2019, 9:19 PMconst api = new awsx.apigateway.API("some-api", {
routes: [{
path: "/some-path",
method: "OPTIONS",
eventHandler: async () => {
return {
statusCode: 200,
body: "",
headers: {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Headers": "*",
},
};
},
},{
path: "/some-path",
method: "GET",
eventHandler: async () => {
return {
statusCode: 200,
body: JSON.stringify({ someKey: "someVal" }),
headers: {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Headers": "*",
},
};
},
}],
...
});
sparse-tomato-56640
10/17/2019, 11:45 PMminiature-musician-31262
10/18/2019, 1:12 AMsparse-tomato-56640
10/18/2019, 1:33 AMpost
. interestingly, when i switch to get
it 403'sstocky-island-3676
10/18/2019, 2:44 PMOPTIONS
method. Missed that.
@sparse-tomato-56640 OPTIONS
also needs Access-Control-Allow-Methods
, according to https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html
That seems a good source to get it running, especially on AWS-API-Gateway.sparse-tomato-56640
10/18/2019, 4:07 PMstocky-island-3676
10/18/2019, 4:09 PMcurl -X OPTIONS endpoint
your endpoint?sparse-tomato-56640
10/18/2019, 5:05 PMstocky-island-3676
10/18/2019, 5:09 PMsparse-tomato-56640
10/18/2019, 5:10 PM< HTTP/2 200
< content-type: application/json
< content-length: 0
< date: Fri, 18 Oct 2019 17:09:34 GMT
< x-amzn-requestid: 2b9b7f68-25c4-4844-9add-65d425d61f67
< access-control-allow-origin: *
< access-control-allow-headers: Origin, Content-Type, X-Auth-Token
< x-amz-apigw-id: BxK4WFZHoAMF-wA=
< access-control-allow-methods: GET, POST, PATCH, PUT, DELETE, OPTIONS
< x-amzn-trace-id: Root=1-5da9f1ce-61cb1b84c0ef3958ce5325a0;Sampled=0
< x-cache: Miss from cloudfront
< via: 1.1 <http://94c9aa0ee34e7bae8cb5974b849101a4.cloudfront.net|94c9aa0ee34e7bae8cb5974b849101a4.cloudfront.net> (CloudFront)
< x-amz-cf-pop: LAX3-C2
< x-amz-cf-id: q9MCThj8zyfJ20otw5dvb98A81h4Qcg4BUfC2VlhK7wdS5-rXqpsag==
stocky-island-3676
10/18/2019, 5:12 PM‘Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token’
sparse-tomato-56640
10/18/2019, 5:17 PMAccess to XMLHttpRequest at 'URL_HERE' from origin '<http://localhost:3000>' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Accept: application/json, text/plain, */*
Authorization: Bearer BEARER_TOKEN_HERE
Referer: <http://localhost:3000/>
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Mobile Safari/537.36
x-api-key: API_KEY_HERE
stocky-island-3676
10/18/2019, 5:22 PMsparse-tomato-56640
10/18/2019, 5:22 PM