By using AWS re:Post, you agree to the AWS re:Post Terms of Use

API gateway runs into preflight issue forever after adding a specific Content-Type

0

Hi,

I faced this issue multiple times and I believe this is easily reproducible.

  1. Build a new Restful API with proxy lambda integration.
  2. Add "Accept" header in "Method request" option and "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" in "Method Response" option.
  3. Test it from a client app (JS). Boom! The API gateway nevers works from on -> Even if you delete the resource and create a new one.

Header in Method Request tab

Integration Request lambda proxy

Method response Content-Types

Lambda code to return a file

Javascript code to download the file

Binary type

Please be aware that the CORS is configured too.

After running this once, the API gateway never works despite deleting the resources(test in this case) and creating new ones.

2 Answers
1
Accepted Answer

I've figured it out and adding the answer here as it may help one in the community.

Basically all the APIs started working after I specified the expected "Accept" and "Content-Type" headers from client and server side code respectively, and removed the header addition from the Method request and Method response options of API Gateway console.

I've strictly added the "Accept" header for my normal APIs which is usually application/json and for the binary that I'm expecting, I am adding application/vnd.openxmlformats-officedocument.spreadsheetml.sheet. In the "Content-Type" header that I send as the proxy response from lambda, I add the same values appropriately.

This solved the strange issue of no APIs working after adding the binary type. I'm still confused as to how the API worked fine during the first try of fetching a binary content :|

answered a month ago
profile picture
EXPERT
reviewed a month ago
1

The issue you're experiencing with the API Gateway and preflight requests is likely related to Cross-Origin Resource Sharing (CORS) configuration. When you add a specific Content-Type like "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" to your API, it triggers a preflight request from the browser, which needs to be handled correctly.

To resolve this issue:

  1. Ensure that you have an OPTIONS method configured for your resource. This is necessary to handle preflight requests.

  2. For the OPTIONS method, set up a mock integration with the following CORS headers:

    • Access-Control-Allow-Headers: 'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'
    • Access-Control-Allow-Methods: '*' (or specify the methods you want to allow)
    • Access-Control-Allow-Origin: '*' (or specify the allowed origins)
  3. Set the integration passthrough behavior to NEVER for the OPTIONS method.

  4. For your Lambda proxy integration, make sure your Lambda function is returning the necessary CORS headers in its response. This is crucial because, in a proxy integration, the backend (your Lambda function) is responsible for returning these headers.

  5. In your Lambda function, include the following headers in the response:

    • Access-Control-Allow-Origin: '*' (or your specific allowed origin)
    • Access-Control-Allow-Headers: 'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'
    • Access-Control-Allow-Methods: 'GET,POST,OPTIONS' (or the methods you're using)
  6. If you're using binary content (which seems likely given the spreadsheet Content-Type), ensure that you've added the content type to the binary media types list in your API settings.

  7. When making requests from your JavaScript client, make sure you're setting the correct 'Accept' header to match the content type you're expecting.

If the issue persists even after deleting and recreating resources, it's possible that there might be some caching at play. Try clearing your browser cache or using a different browser to test. Also, consider deploying your API to a new stage to ensure you're not hitting a cached version of your API.

Remember, when dealing with non-simple requests (which include custom content types), proper CORS configuration is crucial for the API to function correctly across different origins.
Sources
CORS for REST APIs in API Gateway - Amazon API Gateway
Cross-origin resource sharing support and Amazon EC2 - Amazon Elastic Compute Cloud
Set up a proxy integration with a proxy resource - Amazon API Gateway
Content type conversions in API Gateway - Amazon API Gateway

profile picture
answered a month ago
profile picture
EXPERT
reviewed a month ago
  • I feel this to be a bug

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions