Why does my serverless Lambda function reject Cache-Control header?

Question

I'm using FineUploader to upload files to S3. While utilizing the DELETE functionality I get the following error:

XMLHttpRequest cannot load https://xxxxxxx.execute-api.us-east-1.amazonaws.com/prod/deleteS3File?. Request header field Cache-Control is not allowed by Access-Control-Allow-Headers in preflight response.

The lambda function was created using the awesome Serverless Framework with the following configuration:

functions:
  deleteS3File:
    handler: handler.deleteS3File
    events:
      - http:
          path: deleteS3File
          method: POST
          integration: lambda
          cors: true
          response:
            headers:
              Access-Control-Allow-Origin: "*"

Any idea what this error means for a Lambda function and how to tackle it?

score 2 · Accepted Answer · edited Jun 06 '17 at 12:58

2

The POST verb preflights an OPTIONS verb that you don't support.

So, you need to create a method for OPTIONS that will return status code 200 (success) and with the expected headers.

For both the OPTIONS and POST, try the following headers:

Access-Control-Allow-Origin: "*"
Access-Control-Allow-Methods: "GET, HEAD, OPTIONS, POST, PUT, DELETE"
Access-Control-Allow-Headers: "Access-Control-Allow-Headers, Cache-Control, Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers"

^{you may fine tune the headers later to allow just what you need}

edited Jun 06 '17 at 12:58

Tal

7,827
6
38
61

answered Jun 05 '17 at 13:51

Zanon

29,231
20
113
126

1

just to refine the answer - I created a serverless OPTIONS function that merely returns the specified access-control-allow-headers. – Tal Jun 06 '17 at 12:59

Why does my serverless Lambda function reject Cache-Control header?

1 Answers1