6

I use lambda as backend for AWS API Gateway with lambda proxy integration and want to add CORS into response header.

According to documentation:

http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html

However, you must rely on the back end to return the Access-Control-Allow-Origin headers because the integration response is disabled for the proxy integration.

How can I program it in my lambda function with Python.

Hello lad
  • 17,344
  • 46
  • 127
  • 200
  • The AWS documentation is poor on this. The grammar doesn't help either. An example would be so useful. – CarlR Apr 30 '18 at 13:57

2 Answers2

10

To create OPTIONS method you can enable it from the Gateway

  1. Navigate to your Gateaway, Select Resources from left side
  2. Select endpoint, on top there will a button "Action", there you will need to select "Enable CORS", save the settings.
  3. Deploy the Gateway.

It will create a method OPTIONS on the resource(endpoint)

for GET/POST other HTTP Verbs you will need to manage it from your code, in case of python 

return {
    'statusCode': "200",
    'body': json.dumps({"test" : "123"}),
    'headers': {
        "Content-Type" : "application/json",
        "Access-Control-Allow-Origin" : "*",
        "Allow" : "GET, OPTIONS, POST",
        "Access-Control-Allow-Methods" : "GET, OPTIONS, POST",
        "Access-Control-Allow-Headers" : "*"
    }
}

for other unhandled cases like IntegrationTimeout (504) or Error in your code (502), you can configure default response headers at API Gateway Level. refer Default Response Headers: AWS API Gateway w/ Proxy Integration

Fahad Ali Shaikh
  • 156
  • 1
  • 7
5

you need to add a method "options" to your api gateway and using a proxy lambda... return 

result.headers = { "Access-Control-Allow-Origin": "domain.com" }

so when the browser will first call options to your server it will return the CORS headers.

the thing is that, by default your lambda method will be called for "any" method, so you need to change the default one to get,post or whatever you need

note: you could also use the same method, like any or options,get,post and if it is a options call, only return status 200 and the cors header. it depends if you are using or not an auth method for get,post,etc

there is an option in Lambda console "Enable CORS" if you are just using lambda with nothing strange

UXDart
  • 2,500
  • 14
  • 12
  • "enable CORS" is in: select your lambda method, and in the actions button sub options – UXDart May 03 '17 at 15:09
  • thanks for the response. sadly it is not possible under lambda proxy integration configuration. – Hello lad May 04 '17 at 12:08
  • are you sure? I'm using it, with proxy integration. are you using any specific authentication/auth method? or is a public lambda method? if it is passing by any auth, you need to separate options method so it doesn't need the auth to be called – UXDart May 04 '17 at 13:42
  • yes. It is so documented and verified in my experiment. I have ended up the solution to add the header into lambda function code. "Enable CORS" only activate the OPTION method with a MOCK UP backend, but if one has a GET method with lambda backend and proxy integration ticked, it is not yet supported. – Hello lad May 04 '17 at 15:11