search

yarbsemaj / sveltekit-adapter-lambda

An adapter to build a SvelteKit app into a lambda ready for deployment with lambda proxy via the Serverless Framework or CDK.
https://www.npmjs.com/package/@yarbsemaj/adapter-lambda
MIT License
77 stars 16 forks source link

403 -Forbidden, Cross-site POST form submissions are forbidden #38

Closed zamoshchin closed 7 months ago

zamoshchin commented 8 months ago

I'm attempting to call my Sveltekit endpoint /api/voice/answer_call from Twilio (this is a web hook that responds to Twilio's phone call) and am getting Cross-site POST form submissions are forbidden

How can I allow CORS?

I've added the following to my endpoint:

        headers: {
            'Content-Type': 'text/xml',
            "Access-Control-Allow-Origin": "*", // Allows all domains
            "Access-Control-Allow-Methods": "OPTIONS,POST,GET",
            "Access-Control-Allow-Headers": "Content-Type,Authorization",
            "Access-Control-Allow-Credentials": "true" // Only if your endpoint requires credentials
        },

I've also ensured CloudFront is not stripping these headers. I'm guessing the issue is with Lambda@Edge not forwarding these headers?

yarbsemaj commented 8 months ago

Hi @zamoshchin , thank you for your interest in my project! This seems to be a security feature built into svelte itself.

I believe this may be what your looking for

https://stackoverflow.com/a/73801539