These are my settings in the AWS CDK:
const api = new HttpApi(this, "bundled-api", {
corsPreflight: {
allowCredentials: true,
allowHeaders: [
"authorization",
"mama-trace-id",
"content-type",
"test-header",
],
allowMethods: [
CorsHttpMethod.GET,
CorsHttpMethod.POST,
CorsHttpMethod.PUT,
CorsHttpMethod.PATCH,
CorsHttpMethod.OPTIONS,
CorsHttpMethod.HEAD,
],
allowOrigins: domainList,
},
disableExecuteApiEndpoint: true,
defaultDomainMapping: {
domainName: this.domainName,
},
defaultAuthorizer: lambdaAuthorizer,
});
The console shows this:
But this is my preflight response:
As one can see, the Access-Control-Allow-Methods
is set to *
, even tough the console says so differently. Is this a bug or am I doing something wrong? I have disabled cache in my browser and I have recently added "test-header" to the allowed headers and it shows up. So this cannot be a caching issue.
Additional Information: I am using a HttpAlbIntegration
with:
const mapToRoot = new ParameterMapping().overwritePath({
value: "/$request.path.proxy",
});