Sam Hulick
08/31/2021, 8:22 PMCross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at <https://xxx.execute-api.us-east-1.amazonaws.com/signed-cookie>. (Reason: header 'authorization' is not allowed according to header 'Access-Control-Allow-Headers' from CORS preflight response).
the preflight request is sending back the header access-control-allow-headers: *
. so I don’t understand why it says the ‘authorization’ header is not allowedOmi Chowdhury
08/31/2021, 8:25 PMAuthorization
header can’t be wildcarded and always needs to be listed explicitly.Sam Hulick
08/31/2021, 8:25 PMAustin
08/31/2021, 8:27 PMAccess-Control-Allow-Credentials
in the server CORS policy to allow reading responses with credentials? If the above suggestion from @Omi Chowdhury alone doesn’t work, you might look at that.Omi Chowdhury
08/31/2021, 9:29 PMAccess-Control-Allow-Credentials
is required…but I don’t see it coming back on my own API, and it all works … 🤔