英文:
Lambda function url receives CORS failure from static frontend
问题
I have a lambda function url configured as https://xxxx.lambda-url.us-east-1.on.aws/ that I am able to access via postman/curl with a successful response, but I get the following error when attempting to use an XHR request from a JavaScript frontend on a static site (hosted with Netlify).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://xxxx.lambda-url.us-east-1.on.aws/. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://xxxx.lambda-url.us-east-1.on.aws/. (Reason: CORS request did not succeed). Status code: (null).
I have configured the lambda's function url as follows via terraform:
resource "aws_lambda_function_url" "contact-mailer-endpoint" {
function_name = aws_lambda_function.lambda_ses_fn.function_name
authorization_type = "NONE"
cors {
allow_credentials = true
allow_methods = ["*"]
allow_origins = ["*"]
allow_headers = ["date", "keep-alive", "X-Requested-With", "Access-Control-Allow-Origin", "Origin"]
expose_headers = ["date", "keep-alive", "X-Requested-With", "Access-Control-Allow-Origin", "Origin"]
max_age = 0
}
}
And I am hitting the endpoint via the following javascript code:
let xhr = new XMLHttpRequest()
xhr.onreadystatechange = () => {
if (xhr.readyState === 4){
if (xhr.status === 200){
...
}
else {
...
}
}
}
xhr.open('POST', 'https://xxxx.lambda-url.us-east-1.on.aws/')
xhr.setRequestHeader('Content-Type', 'application/json');
xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
xhr.setRequestHeader('Access-Control-Allow-Origin', '*');
xhr.setRequestHeader('Origin', 'https://site-i-am-currently-on.com'); //contains actual website url
xhr.send(body)
I believe I am adding some unnecessary data on the frontend, but it seems as though my cors policy is appropriate according to the console with the wildcard (*) operator on "Allow origin". Is there a reason this provides a CORS error?
英文:
I have a lambda function url configured as https://xxxx.lambda-url.us-east-1.on.aws/ that I am able to access via postman/curl with a successful response, but I get the following error when attempting to use an XHR request from a JavaScript frontend on a static site (hosted with Netlify).
> Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://xxxx.lambda-url.us-east-1.on.aws/. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200.
> Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://xxxx.lambda-url.us-east-1.on.aws/. (Reason: CORS request did not succeed). Status code: (null).
I have configured the lambda's function url as follows via terraform:
resource "aws_lambda_function_url" "contact-mailer-endpoint" {
function_name = aws_lambda_function.lambda_ses_fn.function_name
authorization_type = "NONE"
cors {
allow_credentials = true
allow_methods = ["*"]
allow_origins = ["*"]
allow_headers = ["date", "keep-alive", "X-Requested-With", "Access-Control-Allow-Origin", "Origin"]
expose_headers = ["date", "keep-alive", "X-Requested-With", "Access-Control-Allow-Origin", "Origin"]
max_age = 0
}
}
And I am hitting the endpoint via the following javascript code:
let xhr = new XMLHttpRequest()
xhr.onreadystatechange = () => {
if (xhr.readyState === 4){
if (xhr.status === 200){
...
}
else {
...
}
}
}
xhr.open('POST', 'https://xxxx.lambda-url.us-east-1.on.aws/')
xhr.setRequestHeader('Content-Type', 'application/json');
xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
xhr.setRequestHeader('Access-Control-Allow-Origin', '*');
xhr.setRequestHeader('Origin', 'https://site-i-am-currently-on.com'); //contains actual website url
xhr.send(body)
I believe I am adding some unneccesary data on the frontend, but it seems as though my cors policy is appropriate according to the console with the wildcard (*) operator on "Allow origin". Is there a reason this provides a CORS error?
答案1
得分: 1
为解决CORS问题,你可以选择从XMLHTTPRequest中移除以下的Content-Type头部配置代码。如果你移除它,Lambda将使用application/json作为默认内容类型。
OR
配置你的Lambda函数以接受API请求中的content-type头部。
英文:
To resolve the CORS issue,
You can either remove the following Content-Type header configuration code from the XMLHTTPRequest. If you remove it, the lambda will use application/json as a default content type.
// xhr.setRequestHeader('Content-Type', 'application/json');
OR
Configure your lambda function to accept the content-type header on API requests.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论