Problem with Gateway CORS API

So, I have CORS that allows me to go through the basic setup provided by AWS Gateway. However, for this API, I need to enable Origins control for all requests and allow credentials.

Here is what it looks like

enter image description here

The problem, as you might have guessed, is that CORS is not resolved: you cannot have a wildcard for Origin and have credentials as true. Usually the job for this is to simply grab the requesting domain and add it to the Origin header. This is more or less what I want to do. But I do not know how to get this information and add it as a display value. Where does the Gateway API store this information, and how do I get it?

UPDATE: I have to go through the HTTP Header Host to my Lambda function, which I should have mentioned earlier. I tried to implement the answer below, but I can’t access the header to pass it to the Lambda function using the provided instructions. Any help on this is welcome.

+4
2 answers

Good. After several hours of researching and searching for bits of information over the Internet, I have a solution and hopefully it is useful to other people.

To pass an HTTP header, which is not the default value provided by the AWS API Gateway, and then access this data through the Lambda function and return this data in the response header, follow these steps:

  • " " " HTTP" . . URL- API, "Host". , "Origin"

  • " " , "application/json" , .

, , 1. - .

{
   "origin" : "$input.params().header.Origin",
   "host" : "$input.params().header.Host"
}

URL-, JSON.

  1. Lambda. "" Node Lambda Backend. .

    event.origin;
    
  2. Lambda Gateway API JSON. - .

    { 
       "origin" : event.origin,
       "host" : event.host,
       "nonHeaderOutput" : "Hello World"
    }
    
  3. " " " ", , "Method Response", . "Access-Control-Allow-Origin" integration.response.body.origin

  4. " " , , ,

    $input.path("$.nonHeaderOutput")
    

, API, Response.

+5
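The answer above returns whatever arrives in `event.origin`, and that value ends up in `Access-Control-Allow-Origin`; with credentials allowed, every requesting site would then be accepted. The following is an added example, not code from the original answer, in which the Lambda only hands back an origin that exactly matches an allowlist. The listed origins and the names `ALLOWED_ORIGINS`, `FALLBACK_ORIGIN`, `resolveAllowedOrigin` and `buildResponse` are assumptions; `event.origin`, `event.host` and `nonHeaderOutput` are the fields used in the answer.

```javascript
// Added example: validate the Origin before handing it back to API Gateway.
// ALLOWED_ORIGINS and FALLBACK_ORIGIN are constructed sample values (assumptions).
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com',
]);
const FALLBACK_ORIGIN = 'https://app.example.com';

// Return the request origin only on an exact match with the allowlist.
// Exact string comparison (no prefix, suffix or regex test) rejects
// look-alikes such as "https://app.example.com.attacker.test", and the
// literal "null" origin is rejected because it is not in the set.
function resolveAllowedOrigin(requestOrigin) {
  if (typeof requestOrigin === 'string' && ALLOWED_ORIGINS.has(requestOrigin)) {
    return requestOrigin;
  }
  // Unknown or missing origin: answer with a fixed allowlisted value. The
  // browser sees a mismatch and blocks the cross-origin read.
  return FALLBACK_ORIGIN;
}

// Build the body that the response mapping reads. `event.origin` and
// `event.host` are the fields filled in by the answer's mapping template.
function buildResponse(event) {
  const input = event || {};
  return {
    origin: resolveAllowedOrigin(input.origin),
    host: typeof input.host === 'string' ? input.host : '',
    nonHeaderOutput: 'Hello World',
  };
}

// Lambda entry point (async handler form).
async function handler(event) {
  return buildResponse(event);
}

// Export for the Lambda runtime when loaded as a CommonJS module.
if (typeof module !== 'undefined' && module.exports) {
  module.exports.handler = handler;
}
```

Because the returned `origin` is always one of the allowlisted strings, the value mapped from `integration.response.body.origin` never contains caller-supplied text.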

API Gateway. . " CORS" . , , .

Origin / Access-Control-Allow-Origin. "integration.response.header.Access-Control-Allow-Origin" Access-Control-Allow-Origin .

, .

, Jurgen

+3

Source: https://habr.com/ru/post/1627849/

