I have a REST API that triggers a Lambda function to return some data from a DynamoDB table. Everything was working when I had no authorization in the process with my fetch statement looking like:
function fetchData(){
const itemID = encodeURIComponent('item#123');
const url = "https://domain1234.execute-api.region.amazonaws.com/stage/item/" + itemID;
fetch(url)
.then(response =>{
return response.json()
}).then(jsonData =>{
console.log(jsonData)
}).catch(e =>{
console.log(e.message)
})
}
I then included authorization through Cognito with the following steps.
I added the pool as an Authorizer in the "Authorizers" section of API Gateway. Setting the token source as "Authorization"
Tested the Authorizer using a Cognito
idTokenafter logging in and pasting into the test. The test was successful.Set each method to use that Cognito pool.
When I re-write the fetch to include a Authorization header I get a failed to fetch error.
The updated fetch is as follows:
function fetchData(){
const itemID = encodeURIComponent('item#123');
const url = "https://domain1234.execute-api.region.amazonaws.com/stage/item/" + itemID;
fetch(url,{
headers: {"Authorization":"myVeryLongIdToken"}
})
.then(response =>{
return response.json()
}).then(jsonData =>{
console.log(jsonData)
}).catch(e =>{
console.log(e.message)
})
}
I get the error:
has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. Does this mean my API request is blocked at the API Gateway level and not being authorized?
