AWS API Gateway CORS ok for OPTIONS fail for POST

+1 vote

I've looked at the other related questions on SO but this seems different. In fact, my question is very similar to this one, except I don't have the 400 status issue.

The set up:

  • lambda function through API Gateway
  • Authorization: None, API KEY Required: false

  • deploying to stage: test

  • 1 resource, 1 POST method integrating the lambda.

  • Calling the POST endpoint directly e.g. with curl always returns 200 (with/without payload, bad payload, etc.) - so that's different from the referenced question.

I've used the "Enable CORS" option - I've tried applying this option on both the resource, and the POST request (and deploying the API afterwards).

In API GW, I can see Access-Control-Allow-Origin listed in 200 Response Headers under POST method - Method Response area.

Result: Calling the endpoint from client code in Chrome, OPTIONS passes but POST fails due to missing Access-Control-Allow-Origin header.

In curl: OPTIONS call

curl -X OPTIONS -H "Access-Control-Request-Method: POST" \
     -H "Access-Control-Request-Headers: Content-Type" \
     -H "Origin: http://example.com" --verbose <endpoint>

the response is:

< HTTP/1.1 200 OK
< Content-Type: application/json
...
< Access-Control-Allow-Headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
< Access-Control-Allow-Methods: POST,OPTIONS
< Access-Control-Allow-Origin: *
...

but with POST:

curl -X POST -d '{}' -H "Content-Type: application/json" \
     -H "Origin: http://example.com" --verbose <endpoint>

it returns:

< HTTP/1.1 200 OK
< Content-Type: application/json
...

and the response json body - but no Access-anything header.

What else can I check?

Oct 9, 2018 in AWS by eatcodesleeprepeat
 • 4,710 points 5,044 views

1 answer to this question.

0 votes

The problem has been that the API gateway has called my lambda function using the "Lambda Proxy Integration" option checked.

I believe this is activated by default when adding a API gateway trigger to a newly created lambda function.

When inside the API Gateway - Resource - Method view, the "Integration Response" box is greyed out and it seems there's no way (even for the Enable CORS function) to add a Access-Control-Allow-Origin header there, which according to @Abhigna_Nagaraja is required.

Solution: If using "Lambda Proxy Integration", add the 'Access-Control-Allow-Origin': '*' header to your lambda function.

Even better: in the same view - Integration Request, turn off "Lambda Proxy Integration" and Enable CORS again (deploy afterwards).

(Then, in the callback, you'll have to return just the payload json instead of the { statusCode, headers, body } object.)

Update:

Some useful reads if you're unsure whether to return request response status information in http status codes or in the json payload:

http status vs json status

json status standards

answered Oct 9, 2018 by Priyaj
 • 58,090 points

Related Questions In AWS

0 votes
1 answer

How to Enable CORS for an AWS API Gateway Resource

Since you're using Lambda Proxy integration for ...READ MORE

answered Jul 10, 2018 in AWS by Hammer
 • 360 points 3,777 views
0 votes
1 answer

How to set the client certificate for AWS API gateway deployment stage using aws-cli

You'll need to use aws api-gateway update-domain-name. http://docs ...READ MORE

answered Jul 13, 2018 in AWS by Priyaj
 • 58,090 points 1,869 views
0 votes
1 answer

Enable CORS for API Gateway in Cloudformation template

After some trial and error, I found ...READ MORE

answered Oct 9, 2018 in AWS by Priyaj
 • 58,090 points 7,490 views
+1 vote
3 answers

Invoking AWS Lambda API Gateway vs Direct Invocation

Most of the time, adding API Gateway ...READ MORE

answered Apr 17, 2018 in AWS by Flying geek
 • 3,280 points 4,609 views
0 votes
1 answer

How to make ApiGateway point to specific Lambda bias

You actually need to make changes to ...READ MORE

answered Dec 21, 2018 in AWS by Archana
 • 5,640 points 1,022 views
0 votes
1 answer

how to access AWS S3 from Lambda in VPC

With boto3, the S3 urls are virtual by default, ...READ MORE

answered Sep 28, 2018 in AWS by Priyaj
 • 58,090 points 9,599 views
0 votes
1 answer

CORS in AWS API Gateway + AWS Lambda

You could try downloading the AWS APIG ...READ MORE

answered Oct 9, 2018 in AWS by Priyaj
 • 58,090 points 3,816 views
0 votes
1 answer

Unable to connect to putty and winscp

Check if the FTP ports are enabled ...READ MORE

answered Jul 20, 2018 in Cloud Computing by Gopalan
 • 1,360 points 1,819 views
0 votes
1 answer

Fail to enable CORS for API Gateway functions

Firstly please select your root resource and ...READ MORE

answered Oct 9, 2018 in AWS by Priyaj
 • 58,090 points 8,902 views
+1 vote
3 answers

Not able to pass params POST to AWS Lambda from Amazon API Gateway

For this template : application/x-www-form-urlencoded  This line below will ...READ MORE

answered Jun 13, 2018 in AWS by Cloud gunner
 • 4,670 points 8,366 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.