We hadn't gotten CORS to fully behave on the new infrastructure, this issue marks the day and a half that getting it right cost. The final solution ended up being heavily based on this blog post which included Terraform source code. Core ideas:
For each resource (e.g. /public or /public/{proxy}, each part is one API Gateway resource) we need to define a Method whose http_method is OPTION. That method needs an Integration of the Mock type. Then we need to define both an Integration Response and Method Response. The former declares the headers and body which the Mock integration will return, the latter specifies that all of those headers are allowed to pass through to the client.
We also needed to add a Method Response for the existing Lambda integrations, specifying a 200 default status code and that the Access-Control-Allow-Origin header is allowed to get to the client.
We hadn't gotten CORS to fully behave on the new infrastructure, this issue marks the day and a half that getting it right cost. The final solution ended up being heavily based on this blog post which included Terraform source code. Core ideas:
/publicor/public/{proxy}, each part is one API Gateway resource) we need to define a Method whose http_method isOPTION. That method needs an Integration of the Mock type. Then we need to define both an Integration Response and Method Response. The former declares the headers and body which the Mock integration will return, the latter specifies that all of those headers are allowed to pass through to the client.200default status code and that theAccess-Control-Allow-Originheader is allowed to get to the client.