Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

AWS API Gateway No 'Access-Control-Allow-Origin' header is present

I'm stuck on an issue with API gateway and I've gone through all the other SO answers on this, AWS forums and have been through their docs but still no joy.

I am trying to setup an API using AWS API gateway which calls a Lambda function which reads/writes to a table in DynamoDB.

The Lambda function to DynamoDB is working. I have created an API in AWS, and created a GET and OPTIONS methods for it. I read AWS does not enforce the OPTIONS for only GET/POST but i was getting a preflight error in my ajax call when there was no OPTIONS method so I added one.

For now just to make progress I am not using an API key or Authorization. I can successfully call my GET method using POSTMAN, which returns the contents of the DynamoDB table.

But when i try using a JQuery ajax call i get

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. 

I can see using Chrome dev tools under the network tab, the OPTIONS method returning status 200 and the GET returns status 200 but with the above error.

I have tried enabling CORS on both the OPTIONS and GET methods, have re-deployed the API after every change, have tried the following (http://enable-cors.org/server_awsapigateway.html) but always get the same error in the console.

I am executing the ajax call from a file on my desktop so origin is null as the page will be deployed to S3 as its a single web page application in JS.

When I enabled CORS on my GET and OPTIONS i can see that Access-Control-Allow-Headers is 'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token' and Access-Control-Allow-Origin* is '*'

My Ajax call looks like below. I also tried copying the exact headers POSTMAN uses, which has the Authorization header set (which i have turned off in AWS for now) but i always get the same error above

var awsHeaders = {}; awsHeaders['X-Amz-Date'] = '20161127T171734';  $('#add, #cloud').click(function() {      $.ajax({          type: 'GET',         headers: awsHeaders,         dataType : "json",         url: '...',         success: function (res) {              console.log('response in GET:');             console.log(res);          },         error: function(data) {             console.log('in error');             console.log(data);         }      });  }); 

Can anyone shed light on what i might be missing?

Many thanks

Update See answer below regarding how I solved this as per DigitalKapteain comments - by setting the 'Access-Control-Allow-Origin':'*' header in the response from my Lambda function. I looked for this in the AWS docs but couldn;t find it. This link describes the difference between Lambda and Lambda Proxy and explains what to do when using CORS https://serverless.com/framework/docs/providers/aws/events/apigateway/

like image 629
user12345 Avatar asked Nov 27 '16 18:11

user12345


People also ask

How do I fix the CORS issue in AWS API gateway?

Cross-Origin Resource Sharing (CORS) errors occur when a server doesn't return the HTTP headers required by the CORS standard. To resolve a CORS error from an API Gateway REST API or HTTP API, you must reconfigure the API to meet the CORS standard.

How do I fix CORS header Access-Control allow Origin missing?

If the server is under your control, add the origin of the requesting site to the set of domains permitted access by adding it to the Access-Control-Allow-Origin header's value. You can also configure a site to allow any site to access it by using the * wildcard. You should only use this for public APIs.

How do you solve no Access-Control allow Origin header is present on the requested resource?

No Access-Control-Allow-Origin header is present CORS stands for Cross Origin Resource Sharing which means one website cannot perform an AJAX request against it if the server being called does not have CORS enabled. The solution involves add cors to express.


2 Answers

The response for the GET request to the Lambda function must also contain the Access-Control-Allow-Originheader.

like image 148
Digitalkapitaen Avatar answered Oct 12 '22 01:10

Digitalkapitaen


Digitalkapitaen's answer is correct; here is the code to save someone the trouble of looking up how to set an HTTP response header in Lambda:

exports.handler = function(event, context, callback) {     callback(null, {         "statusCode": 200,         "headers": {              "Access-Control-Allow-Origin": "*"          }     }); }; 
like image 29
Jesus is Lord Avatar answered Oct 12 '22 00:10

Jesus is Lord