2 回答
- 最新
- 投票最多
- 评论最多
0
Hey there,
When you send a preflight request using OPTIONS, you need to include the Origin that you're coming from, and which Request Method you're checking should be allowed. You can do this by including the Origin
and Access-Control-Request-Method
headers.
Try using the following curl command, which asks the Lambda Function URL whether it can make a cross origin request from http://example.com
with a HTTP request method of DELETE
curl --location --request OPTIONS '<YOUR FURL HERE>' \
--header 'Origin: http://example.com' \
--header 'Access-Control-Request-Method: DELETE'
-v
The response I get from my test Function URL with the same CORS config that you've specified is:
> OPTIONS / HTTP/1.1
> Host: <My FURL>
> User-Agent: curl/7.64.1
> Accept: */*
> Origin: http://example.com
> Access-Control-Request-Method: DELETE
>
< HTTP/1.1 200 OK
< Date: Wed, 27 Apr 2022 14:50:31 GMT
< Content-Type: application/json
< Content-Length: 0
< Connection: keep-alive
< x-amzn-RequestId: fd7d31ab-604a-4cd0-9bae-ad9d83a74450
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Headers: content-type,authorization,x-amz-date,x-api-key,x-amz-security-token
< Access-Control-Allow-Methods: GET,HEAD,POST,PUT,DELETE,PATCH
Let me know if this helps!
已回答 2 年前
0
Thank you for your feedback. After some more testing, I can confirm that the lack of Origin
field in my api query was the root cause.
已回答 2 年前
相关内容
- AWS 官方已更新 3 年前
- AWS 官方已更新 2 年前
By the way, if you're curious, Lambda implements the RFC according to the steps specified here: https://www.w3.org/TR/2020/SPSD-cors-20200602/#resource-preflight-requests
The reason Lambda does not return CORS headers in your example request is because the
Origin
header was missing. In step 1, the specification says:Since the Origin header is not present, we don't proceed to the following steps and just return a response.