Lambda函数的URL在静态前端收到CORS失败。

huangapple
go评论70阅读模式
英文:

Lambda function url receives CORS failure from static frontend

问题

I have a lambda function url configured as https://xxxx.lambda-url.us-east-1.on.aws/ that I am able to access via postman/curl with a successful response, but I get the following error when attempting to use an XHR request from a JavaScript frontend on a static site (hosted with Netlify).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://xxxx.lambda-url.us-east-1.on.aws/. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://xxxx.lambda-url.us-east-1.on.aws/. (Reason: CORS request did not succeed). Status code: (null).

I have configured the lambda's function url as follows via terraform:

resource "aws_lambda_function_url" "contact-mailer-endpoint" {
    function_name = aws_lambda_function.lambda_ses_fn.function_name
    authorization_type = "NONE"

    cors {
        allow_credentials   = true
        allow_methods       = ["*"]
        allow_origins       = ["*"]
        allow_headers       = ["date", "keep-alive", "X-Requested-With", "Access-Control-Allow-Origin", "Origin"]
        expose_headers      = ["date", "keep-alive", "X-Requested-With", "Access-Control-Allow-Origin", "Origin"]
        max_age             = 0
    }
}

And I am hitting the endpoint via the following javascript code:

let xhr = new XMLHttpRequest()

xhr.onreadystatechange = () => {
    if (xhr.readyState === 4){
        if (xhr.status === 200){
            ...
        }
        else {
            ...
        }
    }
}
xhr.open('POST', 'https://xxxx.lambda-url.us-east-1.on.aws/')
xhr.setRequestHeader('Content-Type', 'application/json');
xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
xhr.setRequestHeader('Access-Control-Allow-Origin', '*');
xhr.setRequestHeader('Origin', 'https://site-i-am-currently-on.com'); //contains actual website url
xhr.send(body)

I believe I am adding some unnecessary data on the frontend, but it seems as though my cors policy is appropriate according to the console with the wildcard (*) operator on "Allow origin". Is there a reason this provides a CORS error?

英文:

I have a lambda function url configured as https://xxxx.lambda-url.us-east-1.on.aws/ that I am able to access via postman/curl with a successful response, but I get the following error when attempting to use an XHR request from a JavaScript frontend on a static site (hosted with Netlify).

> Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://xxxx.lambda-url.us-east-1.on.aws/. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200.

> Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://xxxx.lambda-url.us-east-1.on.aws/. (Reason: CORS request did not succeed). Status code: (null).

I have configured the lambda's function url as follows via terraform:

resource "aws_lambda_function_url" "contact-mailer-endpoint" {
    function_name = aws_lambda_function.lambda_ses_fn.function_name
    authorization_type = "NONE"

    cors {
        allow_credentials   = true
        allow_methods       = ["*"]
        allow_origins       = ["*"]
        allow_headers       = ["date", "keep-alive", "X-Requested-With", "Access-Control-Allow-Origin", "Origin"]
        expose_headers      = ["date", "keep-alive", "X-Requested-With", "Access-Control-Allow-Origin", "Origin"]
        max_age             = 0
    }
}

And I am hitting the endpoint via the following javascript code:

let xhr = new XMLHttpRequest()

            xhr.onreadystatechange = () => {
                if (xhr.readyState === 4){
                    if (xhr.status === 200){
                        ...
                    }
                    else {
                        ...
                    }
                }
            }
            xhr.open('POST', 'https://xxxx.lambda-url.us-east-1.on.aws/')
            xhr.setRequestHeader('Content-Type', 'application/json');
            xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
            xhr.setRequestHeader('Access-Control-Allow-Origin', '*');
            xhr.setRequestHeader('Origin', 'https://site-i-am-currently-on.com'); //contains actual website url
            xhr.send(body)

I believe I am adding some unneccesary data on the frontend, but it seems as though my cors policy is appropriate according to the console with the wildcard (*) operator on "Allow origin". Is there a reason this provides a CORS error?

Lambda函数的URL在静态前端收到CORS失败。

答案1

得分: 1

为解决CORS问题,你可以选择从XMLHTTPRequest中移除以下的Content-Type头部配置代码。如果你移除它,Lambda将使用application/json作为默认内容类型。

OR

配置你的Lambda函数以接受API请求中的content-type头部。

英文:

To resolve the CORS issue,

You can either remove the following Content-Type header configuration code from the XMLHTTPRequest. If you remove it, the lambda will use application/json as a default content type.

// xhr.setRequestHeader('Content-Type', 'application/json');

OR

Configure your lambda function to accept the content-type header on API requests.

huangapple
  • 本文由 发表于 2023年7月3日 12:48:29
  • 转载请务必保留本文链接:https://go.coder-hub.com/76601899.html
  • amazon-web-services
  • aws-lambda
  • cors
  • http-headers
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定