AWS::Serverless::HttpApi CorsConfiguration not working #2637
Comments
I have not gone into full detail on this, but from a preliminary glance: https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-resource-httpapi.html#sam-httpapi-corsconfiguration AWS SAM requires that DefinitionBody be provided with an OpenAPI definition for CORS to work. Closing this issue, please reach out if this does not solve it.

Thanks, @sriram-mv for your response but, no, that does not help at all. I saw that doc already and I have to say it doesn't help either. It only mentions CORS works only if the I've tried this

```yaml
Resources:
  MyApi:
    Type: 'AWS::Serverless::HttpApi'
    Properties:
      StageName: !Ref 'StageName'
      DefinitionBody:
        openapi: 3.0.1
        info:
          title: !Ref 'AWS::StackName'
        paths: {}
      CorsConfiguration:
        AllowCredentials: true
        AllowMethods: "'GET,POST,OPTIONS'"
        AllowHeaders: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
        AllowOrigins: "'http://localhost:9000'"
      Auth:
        Authorizers:
          OAuth2Authorizer:
            JwtConfiguration:
              issuer: !Sub 'https://cognito-idp.${AWS::Region}.amazonaws.com/${UiUserPoolId}'
              audience:
                - !Ref UiUserPoolClientId
            IdentitySource: '$request.header.Authorization'
      Tags:
        Environment: !Sub '${EnvironmentName}'
```

As you can see, I'm specifying the And if I have to configure the

This is very frustrating: after spending 2 days battling with documentation and getting things set up, I get hit by this. This is called an httpAPI; this should be a straightforward thing to do. I will be abandoning SAM CLI due to this mess.

Is the new HttpApi ready for production? It is not only this that is not working; following all proper docs available online, I can't get anything working.

Don't know what else I can do

```json
{
  "stage": "dev",
  "requestTime": "03/Jun/2021:09:56:21 +0000",
  "sourceIp": "85.201.8.224",
  "protocol": "HTTP/1.1",
  "status": "500",
  "httpMethod": "GET",
  "requestId": "AV8S6j-SDoEEP9A=",
  "routeKey": "GET /api/sequences/{sequence_id}",
  "path": "/dev/api/sequences/sdsd",
  "responseLength": "35",
  "integration.status": "-",
  "integration.error": "-",
  "authorizer.error": "-",
  "authorizer.integrationStatus": "-",
  "authorizer.status": "-",
  "integrationErrorMessage": "-",
  "error.message": "Internal Server Error"
}
```

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: DataSet HTTP API and helper utilities
Parameters:
  StageName:
    Type: String
    Default: dev
    Description: (Required) Enter dev, test, stag, prod. Default is dev.
    AllowedValues:
      - dev
      - test
      - stag
      - prod
Globals:
  Function:
    Timeout: 600
    MemorySize: 512
    Runtime: nodejs12.x
    Environment:
      Variables:
        RUNTIME: online
        STAGE: !Ref StageName
    CodeUri: DataSet/
  Api:
    OpenApiVersion: '3.0.1'
    # See https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessapi
    BinaryMediaTypes:
      - "*~1*"
Resources:
  DataSetApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      StageName: !Ref StageName
      # FailOnWarnings: True
      DefaultRouteSettings:
        DetailedMetricsEnabled: true
      AccessLogSettings:
        DestinationArn: !GetAtt DataSetApiAccessLogs.Arn
        # See https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-logging-variables.html
        Format: '{"stage":"$context.stage","requestTime":"$context.requestTime","sourceIp":"$context.identity.sourceIp","protocol":"$context.protocol","status":"$context.status","httpMethod":"$context.httpMethod","requestId":"$context.requestId","routeKey":"$context.routeKey","path":"$context.path","responseLength":"$context.responseLength","integration.status":"$context.integration.status","integration.error":"$context.integration.error","authorizer.error":"$context.authorizer.error","authorizer.integrationStatus":"$context.authorizer.integrationStatus","authorizer.status":"$context.authorizer.status","integrationErrorMessage":"$context.integrationErrorMessage","error.message":"$context.error.message"}'
      Auth:
        DefaultAuthorizer: JWTCustomAuthorizer
        Authorizers:
          JWTCustomAuthorizer:
            FunctionPayloadType: REQUEST
            FunctionArn: !GetAtt DataSetJWTAuthorize.Arn
            FunctionInvokeRole: !GetAtt DataSetJWTAuthorizeRole.Arn
            Identity:
              Headers:
                - X-Api-Key
            AuthorizerPayloadFormatVersion: 2.0
            EnableSimpleResponses: true
      CorsConfiguration:
        AllowOrigins:
          - '*'
        AllowHeaders:
          - X-Api-Key
        AllowMethods:
          - OPTIONS
          - HEAD
          - GET
          - POST
          - PUT
          - DELETE
          - PATCH
        MaxAge: 600
        AllowCredentials: true
  DataSetApiAccessLogs:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Join ["-", ["DataSetApiLogGroup", !Ref StageName]]
      RetentionInDays: 30
  # See https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
  DataSetSequencesGetAllFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: services/DataSetSequencesGetAll.lambdaHandler
      Events:
        DataSetSequencesGetAll:
          Type: HttpApi
          Properties:
            ApiId: !Ref DataSetApi
            Path: /api/sequences
            Method: get
            PayloadFormatVersion: "2.0"
  DataSetJWTCreateFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: services/DataSetJWTCreate.lambdaHandler
      Events:
        DataSetJWTCreate:
          Type: HttpApi
          Properties:
            ApiId: !Ref DataSetApi
            Path: /api/jwt
            Method: post
            PayloadFormatVersion: "2.0"
            Auth:
              Authorizer: "NONE"
  DataSetJWTAuthorize:
    Type: AWS::Serverless::Function
    Properties:
      Handler: services/DataSetJWTAuthorize.lambdaHandler
      Runtime: nodejs12.x
Outputs:
  # ServerlessRestApi is an implicit API created out of Events key under Serverless::Function
  # Find out more about other implicit resources you can reference within SAM
  # https://github.com/awslabs/serverless-application-model/blob/master/docs/internals/generated_resources.rst#api
  DataSetApiUrl:
    Description: "API Gateway endpoint URL for the DataSet API"
    Value: !Sub "https://${DataSetApi}.execute-api.${AWS::Region}.${AWS::URLSuffix}/${StageName}/"
  DataSetApiId:
    Description: Api id of DataSetApi
    Value:
      Ref: DataSetApi
```

If of any help, the authorizer lambda code for my test is also as documented here https://aws.amazon.com/blogs/compute/introducing-iam-and-lambda-authorizers-for-amazon-api-gateway-http-apis/

```javascript
const createResponse = async (input) => {
  console.debug('Create response from input started');
  return Promise.resolve({
    isAuthorized: true,
    context: {},
  });
};
const executor = async (event, context) => {
  console.debug('Event processing started', { event, context });
  const response = await createResponse({ event, context });
  console.debug('Event processing completed, responding', response);
  return response;
};
exports.lambdaHandler = executor;
```

I faced a similar problem, but in my case the following setup in template.yaml and the Lambda function resolved the CORS in SAM with HTTP API. Hoping that would give you a hint to resolve your problems, I share it.

```yaml
Resources:
  HelloWorldApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      DefinitionBody:
        openapi: 3.0.1
        info:
          title: !Ref 'AWS::StackName'
        paths: {}
      CorsConfiguration:
        AllowOrigins:
          - "*"
        AllowCredentials: true
        AllowMethods:
          - POST
        AllowHeaders:
          - Content-Type
          - X-CSRF-TOKEN
  HelloWorldFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: !Join
        - '-'
        - - hello_world
          - !Ref Stage
      CodeUri: hello_world/
      Handler: app.lambda_handler
      Runtime: ruby2.7
      Events:
        HelloWorld:
          Type: HttpApi
          Properties:
            ApiId: !Ref MyApi
            Path: /hello_world
            Method: post
```

```ruby
require 'json' # needed for Hash#to_json

def lambda_handler(event:, context:)
  {
    statusCode: 200,
    body: {
      message: 'hello_world'
    }.to_json,
    headers: {
      "Access-Control-Allow-Origin": "*",
      "Access-Control-Allow-Credentials": true,
      "Access-Control-Allow-Methods": "POST",
      "Access-Control-Allow-Headers": "Content-Type,X-CSRF-TOKEN",
    }
  }
end
```

On the other hand, I agree that the settings of HTTP API are a bit confusing...

For anyone seeing this page because of the issues described in this thread. I wasn't seeing the

From:

To:

Notice

```
$ curl 'http://localhost:6666/example' \
    -X 'OPTIONS' -i
HTTP/1.0 200 OK
Access-Control-Allow-Origin: http://localhost:1234
Access-Control-Allow-Methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
Access-Control-Allow-Headers: Authorization
```

Thank you @kakudaisuke for sharing your config, helped me spot this.

As of SAM CLI 1.9 I can confirm that LIST for CorsConfiguration is the way to go. My super secure CORS config.
Now I'm on to figuring out why Authorization is not showing up.... Confirming that also Authorizer Audience is this same way. As in... Now both CorsConfig and Authorizer show up!!! Thanks for posting, this really helped me out. Perhaps the real issue, and one that I keep finding, is that there are so many changes to AWS SAM and AWS Resources that are not reflected in the documentation yet or many of the posts that are written by AWS as well as many developers in the community. This condition certainly creates lots of frustration. However, the prize is worth it.

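The list-versus-string point confirmed above, and the `AllowOrigins: '*'` plus `AllowCredentials: true` combination that appears in two of the templates posted in this thread, can both be checked before deployment. The linter below is an added example, not part of the thread or of SAM; `lint_cors` and the sample mapping names are hypothetical, the first two mappings copy values from the posted templates, and the third is constructed.

```python
# Added example: lint a parsed AWS::Serverless::HttpApi CorsConfiguration mapping.
LIST_KEYS = ("AllowOrigins", "AllowMethods", "AllowHeaders", "ExposeHeaders")


def lint_cors(cfg):
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    for key in LIST_KEYS:
        if key not in cfg:
            continue
        value = cfg[key]
        if not isinstance(value, list):
            # e.g. the quoted "'GET,POST,OPTIONS'" string form used in the first template
            findings.append(f"{key}: expected a list, got {value!r}")
            continue
        for item in value:
            if not isinstance(item, str) or "," in item or "'" in item:
                findings.append(f"{key}: {item!r} should be a single plain value")
    origins = cfg.get("AllowOrigins")
    if cfg.get("AllowCredentials") is True and isinstance(origins, list) and "*" in origins:
        # Browsers refuse a wildcard Access-Control-Allow-Origin on credentialed requests.
        findings.append("AllowCredentials: true needs explicit AllowOrigins, not '*'")
    return findings


# CorsConfiguration values copied from the thread, as they look after YAML parsing.
QUOTED_STRINGS = {
    "AllowCredentials": True,
    "AllowMethods": "'GET,POST,OPTIONS'",
    "AllowHeaders": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'",
    "AllowOrigins": "'http://localhost:9000'",
}
WILDCARD_WITH_CREDENTIALS = {
    "AllowOrigins": ["*"],
    "AllowHeaders": ["X-Api-Key"],
    "AllowMethods": ["OPTIONS", "HEAD", "GET", "POST", "PUT", "DELETE", "PATCH"],
    "MaxAge": 600,
    "AllowCredentials": True,
}
# Constructed corrected variant: list values and one explicit origin.
EXPLICIT_LISTS = {
    "AllowOrigins": ["http://localhost:9000"],
    "AllowMethods": ["GET", "POST", "OPTIONS"],
    "AllowHeaders": ["Content-Type", "Authorization"],
    "AllowCredentials": True,
}

if __name__ == "__main__":
    for name in ("QUOTED_STRINGS", "WILDCARD_WITH_CREDENTIALS", "EXPLICIT_LISTS"):
        print(name, lint_cors(globals()[name]) or "no findings")
```
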
The AWS documentation for CORS Configuration shows that the
I believe the documentation label can be removed.

I had the same issue with CORS and after digging for a while I have tested the same configuration without the OPTIONS method allowed, which is used for preflight, and it worked. Hope this helps.

Description:
I have an `AWS::Serverless::HttpApi` resource with the `CorsConfiguration` property. The template deploys ok and I can get a successful response from the endpoint sending a `GET` request using Postman but, an `OPTION` request returns error 404.

Steps to reproduce:
Here is my template

Observed result:
After deploying the template, if I go to the API Gateway console and open the CORS page this is what I see

As you can see, there is no value set. If I send a `GET` to `/v0/globalNotification` it works ok, but sending an `OPTIONS` to the same endpoint fails with a 404 error.

Am I missing something? Is my template wrong?

Expected result:
Send an `OPTIONS` request works as expected.

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)
`sam --version`: 1.18.1