Enable CORS when using AWS API Gateway Request Validator
I setup AWS API Gateway with CORS successfully, when a request is valid I have a 200 status code and also CORS headers, that's nice.
But when AWS API Gateway Request Validator detects an invalid input, I have the status code is 400 but CORS headers are not sent...
That's really unfortunate, because the client sees a CORS errors instead of a real 400 error (for exemple with fetch the client is not able to distinguish 400 errors because of CORS errors).
This question may be related to Get detailed error messages from AWS API Gateway Request Validator
I came to this answer through a discussion about using serverless to deploy CORS services and dealing with errors thrown from API Gateway: https://github.com/serverless/serverless/issues/3896#issuecomment-333910525
Basically, you need to go to API Gateway, select your API, then select Gateway Responses. You can then add headers for any 4XX or 5XX response.
This will allow 400 errors thrown from API Gateway to work with CORS, since you're adding the needed headers here.
- Cors configuration
- What is an opaque response, and what purpose does it serve?
- Blocked by CORS policy despite domain name present in server side file
- Servers that supports CORS?
- CORS with spring-boot and angularjs not working
- Understanding CORS
- How fix CorsOptions for Rocket?
- CORS actix-web Access to XMLHttpRequest has been blocked by CORS policy
- Http-only cookie in response header from backend, but not being stored in client browser
- CORs Error only when trying to send a file to the API
- Configure CORS policy for Spring Cloud Gateway
- Spring Boot Restful Service and CORS problem
- Why is CSRF protection needed for connecting to websockets if Spring Security implements Same Origin Policy at server level?
- Why am i getting 405 Method Not Allowed while doing a POST Request
- ASP.NET Core 8 Web API + Ajax call to controller: Completely disable Cors
- The 'Access-Control-Allow-Origin' Header Contains Multiple Values. However I Only Have One Value Defined in the Header?
- Bean is expected to be of type CorsFilter but was actually of type UrlBasedCorsConfigurationSource with Spring Security 6
- CORS, SQLite and JavaScript. Any way to access the actual database without a local server?
- Cors error between spring boot and angular
- Access-Control-Allow-Origin wildcard subdomains, ports, and protocols
- YII 2 REST CORS issue on remote server
- Enable Access-Control-Allow-Origin for multiple domains in Node.js
- How to manage CORS policy properly in express?
- Third-party cookie will be blocked - warning, not able to logout
- How do i allow a CORS requests in my google script?
- Trying to access API but keep getting CORS errors. Client says the API is public. Who is right?
- How do I configure actix-web to accept CORS requests from any origin?
- How to overcome the CORS issue in ReactJS
- Global CSS is not properly loading with SSG in Next JS - CORS error?
- Nest.js is giving cors error even when cors is enabled