Home > Back-end >  Serverless aws httpApi cors setting
Serverless aws httpApi cors setting

Time:11-15

provider:
  name: aws
  runtime: nodejs12.x
  lambdaHashingVersion: '20201221'
  role: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  httpApi:
    cors:
      allowedOrigins:
        - '*'
      allowedMethods:
        - GET
        - OPTIONS
        - POST
        - PUT
        - DELETE
      allowedHeaders:
        - Content-Type
        - X-Amz-Date
        - Authorization
        - X-Api-Key
        - X-Amz-Security-Token
        - X-Amz-User-Agent
        - X-Transaction-Key
        - Access-Control-Allow-Origin
        - Access-Control-Allow-Methods
        - Access-Control-Allow-Headers
        - Access-Control-Allow-Credentials

functions:

  getOTP:
    handler: xxxx/xxxx.yyyy
    events:
      - httpApi:
          path: /xxxx/yyyy
          method: POST
      - httpApi:
          path: /xxxx/yyyy
          method: OPTIONS
module.exports.yyyy= async (event) => {
  const body = JSON.parse(event.body);


  return {
    statusCode: 200,
    headers: {
      "Access-Control-Allow-Origin": "*", // Required for CORS support to work
      "Access-Control-Allow-Credentials": true, // Required for cookies, authorization headers with HTTPS
      "Access-Control-Allow-Headers" : "*",
      "Access-Control-Allow-Methods": "*",
      "Content-Type": "application/json"
    },
    body: JSON.stringify({
      message: "yayay",
    }),
 };

Sorry for bad English. I am using a serverless framework to build API services. I just follow the serverless documentation to build httpApi events on aws. But the cors setting does not work. This is my yml file and sample code.

CodePudding user response:

There are plenty of explaination for the CORS on httpAPI.

  1. Adding x-api-key in the Access-Control-Allow-Headers
  2. Explicitly define your route methods

Refer here

CodePudding user response:

Have you tried setting the cors config at the function level instead of the service level?

functions:

  getOTP:
    handler: xxxx/xxxx.yyyy
    events:
      - http:
          path: /xxxx/yyyy
          method: POST
          cors: true
  • Related