2 Risposte
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
0
Hey there,
When you send a preflight request using OPTIONS, you need to include the Origin that you're coming from, and which Request Method you're checking should be allowed. You can do this by including the Origin
and Access-Control-Request-Method
headers.
Try using the following curl command, which asks the Lambda Function URL whether it can make a cross origin request from http://example.com
with a HTTP request method of DELETE
curl --location --request OPTIONS '<YOUR FURL HERE>' \
--header 'Origin: http://example.com' \
--header 'Access-Control-Request-Method: DELETE'
-v
The response I get from my test Function URL with the same CORS config that you've specified is:
> OPTIONS / HTTP/1.1
> Host: <My FURL>
> User-Agent: curl/7.64.1
> Accept: */*
> Origin: http://example.com
> Access-Control-Request-Method: DELETE
>
< HTTP/1.1 200 OK
< Date: Wed, 27 Apr 2022 14:50:31 GMT
< Content-Type: application/json
< Content-Length: 0
< Connection: keep-alive
< x-amzn-RequestId: fd7d31ab-604a-4cd0-9bae-ad9d83a74450
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Headers: content-type,authorization,x-amz-date,x-api-key,x-amz-security-token
< Access-Control-Allow-Methods: GET,HEAD,POST,PUT,DELETE,PATCH
Let me know if this helps!
con risposta 2 anni fa
0
Thank you for your feedback. After some more testing, I can confirm that the lack of Origin
field in my api query was the root cause.
con risposta 2 anni fa
Contenuto pertinente
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata 2 anni fa
By the way, if you're curious, Lambda implements the RFC according to the steps specified here: https://www.w3.org/TR/2020/SPSD-cors-20200602/#resource-preflight-requests
The reason Lambda does not return CORS headers in your example request is because the
Origin
header was missing. In step 1, the specification says:Since the Origin header is not present, we don't proceed to the following steps and just return a response.