2

This url is in AWS API Gateway with method get and stage is well deployed. And I enabled CORS following the aws document.

Here are my steps to enable CORS.

-Resource->action->enable CORS-> default setting ->enable CORS and replacing the CORS headers. There is no error log in CORS result.

I am not a profesional web developer and my browser is safari.
Here is my code to query "http://my.com"

 function request(idex) {
 var xmlHttp = new XMLHttpRequest();
 xmlHttp.onreadystatechange = function() { 
    if (xmlHttp.status == 200)
        callback(xmlHttp.responseText);
 }
 xmlHttp.open("GET", "http://my.com", true);  
 xmlHttp.send(null);}

The console print the error : XMLHttpRequest cannot load "http://my.com" Origin http://example.com is not allowed by Access-Control-Allow-Origin.

If there are some mistakes in javascript request or in API Gateway deploy?

Cenxui
  • 1,343
  • 1
  • 17
  • 25
  • 2
    There's certainly something wrong with how you set up CORS in AWS because I set up example.com as a vhost on my local. And after having done that I'm getting: `XMLHttpRequest cannot load http://my.com/. Redirect from 'http://my.com/' to 'https://my.com/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://example.com' is therefore not allowed access.` – Pegues Nov 19 '16 at 15:41
  • Thank you a lot, I think that your comment help me to find the way to solve it. – Cenxui Nov 19 '16 at 15:54
  • My pleasure. Good luck! – Pegues Nov 19 '16 at 15:56
  • Ran into same problem. Used this to solve it - [API gateway CORS lambda](https://stackoverflow.com/a/43029002/8502552) – asr9 Jul 06 '18 at 16:32

2 Answers2

3

After consulting and trying each method, I found the error as following.

According to AWS document, we can not deploy our api before enabling CORS. All the settings about the header and CORS must be set before being deployed. But the API Gateway does not block this setting nor does it show any error dialog. API Gateway will not change the header even if your setting process shows success.

Huaying
  • 151
  • 2
  • 11
Cenxui
  • 1,343
  • 1
  • 17
  • 25
2

The cross origin problem is from server side not javascript side. When the server does not allow request from other domains it throws cross origin error. But you said you already added CORS in aws instance

As the javascript is only accessing the service from my.com, You need to added proper domain mapping in your my.com site to tell that request will come from another domain called example.com. might be the server is not properly configured. or try if server is expecting any header.

try to see the result in any rest client like soapui, rect client plugin in chrome, etc. once you confirm that there is no problem in server, try it from javascript

To test there is a chrome plugin you can try

https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi?hl=en

Aniruddha Das
  • 20,520
  • 23
  • 96
  • 132