API Gateway CORS: no 'Access-Control-Allow-Origin' header

+3 votes

Although CORS has been set up through API Gateway and the Access-Control-Allow-Origin header is set, I still receive the following error when attempting to call the API from AJAX within Chrome:

XMLHttpRequest cannot load http://XXXXX.execute-api.us-west-2.amazonaws.com/beta/YYYYY. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 403.

I attempted to GET the URL through Postman and it shows the above header is successfully passed:

Passed headers

And from the OPTIONS reponse:

Response headers

How can I call my API from the browser without reverting to JSON-P?

Oct 9, 2018 in AWS by eatcodesleeprepeat
• 4,750 points

1 answer to this question.

+2 votes
Best answer

I get the same problem. I have used 10hrs to findout.


// handler.js

'use strict';

module.exports.hello = function(event, context, callback) {

const response = {
  statusCode: 200,
  headers: {
    "Access-Control-Allow-Origin" : "*", // Required for CORS support to work
    "Access-Control-Allow-Credentials" : true // Required for cookies, authorization headers with HTTPS 
  body: JSON.stringify({ "message": "Hello World!" })

callback(null, response);
answered Oct 9, 2018 by Priyaj
• 57,510 points

selected Dec 10, 2019 by Kalgi
Thank you!
You saved me so much trouble :)
Hello @Shalakha, if the answer has helped you, please register at Edureka Community and upvote the answer.

Thank you!

Related Questions In AWS

0 votes
1 answer

How to Enable CORS for an AWS API Gateway Resource

Since you're using Lambda Proxy integration for ...READ MORE

answered Jul 10, 2018 in AWS by Hammer
• 360 points
0 votes
1 answer
0 votes
2 answers
+1 vote
1 answer
0 votes
1 answer
0 votes
1 answer

Fail to enable CORS for API Gateway functions

Firstly please select your root resource and ...READ MORE

answered Oct 9, 2018 in AWS by Priyaj
• 57,510 points
0 votes
1 answer