I am facing the similar issue as Javascript CORS - No 'Access-Control-Allow-Origin' header is present. Unfortunately, I do not understand the answer and want to understand the root cause.
High level data flow:
Javascript/HTML(Deployed in S3) -> AWS API Gateway. Gateway will return the data back.
Here is my understanding and the fact:
Since my javascript code is in S3, I have to make CORS request to API Gateway to fetch the data. From the code perspective, there is nothing special between CORS request and Same-Origin Request.
Also my code will actually make the request the api gateway and get 200 status code(found it in Network tab - Chrome). However, from the console tab - Chrome I am getting
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '<placeholder>' is therefore not allowed access.
JavaScript Code:
var xhr = new XMLHttpRequest();
xhr.open('GET', URL);
xhr.send();
My Questions:
- First, From the code perspection, there is nothing special between CORS request and Same-Origin request. Is this correct?
- From my understanding, When making CORS request, we actually make 2 requests. the first one is to make a request to OPTIONS method to make sure we are able to make the actual request. If the server side returns 'Access-Control-Allow-Origin': '*'. then the second request can be sent. Is this correct?
- If the above 1,2 are correct, Do I miss anywhere? I have already configured the API gateway to allow CORS and tested it. Its returning the response header
{"Access-Control-Allow-Origin":"*","Access-Control-Allow-Methods":"GET,OPTIONS","Access-Control-Allow-Headers":"Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token","Content-Type":"application/json"}
