- Newest
- Most votes
- Most comments
Hello,
The issue you're facing is likely due to the way AWS API Gateway handles CORS preflight requests. By default, API Gateway does not automatically handle CORS preflight requests for HTTP APIs.
If you don't have any stages defined in your HTTP API Gateway, and you're using the default stage, follow the below steps:
1.Create a new route for the OPTIONS method with the same path as your existing route (e.g., /{proxy+}). 2.For the new OPTIONS route, configure a mock integration to return the necessary CORS headers in the response:
{
"statusCode": 200,
"headers": {
"Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'",
"Access-Control-Allow-Origin": "'*'",
"Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE'"
}
}
- Configure the OPTIONS route to bypass the JWT Authorizer by setting the authorization type to "None".
After these steps, the CORS preflight requests should be handled correctly, and you should no longer receive the 403 Forbidden error.
I have no stages so there is only the "default" stage
Thanks for confirming
Have you deployed all the changes to the resource to the correct stage? Just wanting to ensure that base is covered
How do I have to configure this Mock Integration? In the Management Console I can not find an option to add a Mock integration? As far as I know this option is only possible on REST API Gateway.
Relevant content
- asked 2 months ago
- Accepted Answerasked a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated 7 months ago
I created a small Lambda function that is called by the OPTIONS route. This lambda is returning the necessary CORS headers