Hi all, question on CORS. Why do we have to config...
# help
a
Hi all, question on CORS. Why do we have to configure it in both Api construct and lambda responses? Are they for different purposes?
t
I don't think you need to configure it in the lambda response
a
t
ah - I believe you can do all the settings in the api if you want and they will apply globally. This example shows setting some globally and setting others on the specific endpoint through the lambda
a
i see. that makes sense
s
For ‘Enabling CORS support for Lambda or HTTP proxy integrations’ it is required
If you use REST API
In such a scenario, it is not enough to set CORS on API level only, CORS headers must be included in the response
a
thanks for the info. But I wonder what is the API level setting’s role in this case? Do they serve like a pre-filter before forwarding the request to the corresponding lambda?
so if it is set to false, then it would include CORS headers without invoking lambda. But if it is set to true, then it requires lambda functions to return the said headers?
s
According to the AWS doc in the link, it is how API Gateway treats the response in the proxy case, this fragment:
For a Lambda proxy integration or HTTP proxy integration, you can still set up the required OPTIONS response headers in API Gateway. However, your backend is responsible for returning the Access-Control-Allow-Origin and Access-Control-Allow-Headers headers, because a proxy integration doesn't return an integration response.
For other integration types I think API level CORS config can be used