Lamba url + .net core api, how to remove duplicate cors 'Access-Control-Allow-Origin'


From the chrome console. Access to fetch at 'https://lambdaurl' from origin 'https://localhost:5002' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

It looks like both the core web api and lambda are adding the 'Access-Control-Allow-Origin':* header and chrome is not happy. Is there a way to configure lambda url to not duplicate the header.

  • Can you provide more details around what you were doing?

asked a year ago377 views
1 Answer
Accepted Answer

If you handle CORS in your .NET code, you can deactivate the automatic CORS handling for the Lambda function. This option can be deactivated either using AWS Management Console or via AWS CLI. If you deploy your function using IaC (e.g. CloudFormation or SAM), do not set the corresponding configuration there, that means - do not specify the Cors or FunctionUrlConfig object.

Note that automatic CORS handling is deactivated by default.

You could also read this blog post which explains how to configure Lambda URLs.

Alternatively, you can leverage the Lambda function functionality to automatically handle CORS for you. Then, you should remove the CORS configuration from your .NET Web API initialization code (AddCors() and UseCors() methods).

profile pictureAWS
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions