I have an issue with cors access control allow origin error messages.
My understanding is that the cors headers need to be configured in the lambda headers, and I have done that as below in the handler.ts file:
headers: {
"Content-Security-Policy": "default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';",
"Access-Control-Allow-Origin": "*", // Allow any origin to access the API
"Access-Control-Allow-Headers": "Content-Type",
"Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
"Content-Type": "text/html",
},
I set the most open CSP I could find to help rule out this as an issue.
Ive also attached a cors policy to the apig in case that was an issue, and that also has not helped:
ions:
serve:
# Any web request regardless of path or method will be handled by a single Lambda function
handler: handler.serve
events:
- http:
path: /
method: any
cors:
origin: '*'
headers:
- Content-Type
- Access-Control-Allow-Orign
allowCredentials: true
- http:
path: /{any+}
method: any
cors:
origin: '*'
headers:
- Content-Type
- Access-Control-Allow-Orign
allowCredentials: true
I have set the allow * against the buckets cors configuration:
I have tried all kinds of configurations, but I seem to be missing something here, I cant see what. I am getting a handful of error messages on the browser console about Access-Control-Allow-Origin cors header missing.
However, if I curl the address I can see there is the header present. I dont get it?
I have an issue with cors access control allow origin error messages.
My understanding is that the cors headers need to be configured in the lambda headers, and I have done that as below in the handler.ts file:
I set the most open CSP I could find to help rule out this as an issue.
Ive also attached a cors policy to the apig in case that was an issue, and that also has not helped:
I have set the allow
*
against the buckets cors configuration:I have tried all kinds of configurations, but I seem to be missing something here, I cant see what. I am getting a handful of error messages on the browser console about Access-Control-Allow-Origin cors header missing.
However, if I curl the address I can see there is the header present. I dont get it?