No 'Access-Control-Allow-Origin' header is present on the requested resource from an AWS API Gateway

Question

I have made an API using AWS API Gateway that fires a Lambda function at a PostgreSQL RDS. When I call the API from my Angular application, I get the following error.

Access to XMLHttpRequest at 'URL' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

How do I resolve this from the API Gateway end?

Answer 1

This is because you don't have CORS enabled for your API Gateway. CORS is a browser security feature which will yield warnings if the website makes calls to other domains. You need to tell your API to return CORS headers so your API can tell your browser that it's okay that other domains (i.e. localhost) are calling it.

Here are some links that will hopefully help:

• https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html
• https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors-console.html