New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can't solve CORS error. Already added response headers and cors: true. #5846
Comments
Hey, I was in this exact spot last week. Do you use a custom authorizer? I would recommend having a look at the CloudWatch logs for the APIG endpoint you are hitting. I found about 2 weeks back that I was getting a cors issue when my custom authorizer was erroring out in a strange way. It appears there are some failures in the custom authorizer that aren't reflected in the logs for the custom authorizer but are in the general APIG logs. Have a look at those and tell me what you see and I may be able to point you in the right direction. |
Hello @delprofundo, |
Hey, Sorry I wasn't totally clear in two ways:
You will find the APIG logs will probably have some extra detail on your problem (and a tonne of cruft that won't help). In other news your authorizer looks alright. It occurred to me I recently changed how I declare my CORS settings....look here:
I had intermittent problems with auth before I applied this that I still cannot explain. I can confirm I dont get them anymore as I've run every function in the application 1million times in the last week with no cors or auth issues. (final thing I would recommend adding a check on an epoch time reference in the token payload) |
Hmmm ok this is now diverging from my issue a bit im afraid, I'll point out this that the list of headers there are mine, you may not be using those (almost certainly wont be using X-Auth-Class). That said it looks like you are returning a content type header and it may be required in the set of headers there....from memory I THINK the event method settings are duplicated for the options call, so perhaps remove my headers and add the ones you are using. Now I did notice there were some update issues with cloud formation when changing cors settings (some of my settings would jag for a few deploys till i finally removed everything and did a clean deploy and data migration) so maybe blow away the whole service and try again if you dont move further forward. I'll keep thinking, let me know if anything changes. |
@edlgg try adding this resource to your serverless.yml:
|
@drexler I added the resource and now I no longer get the cors error. However I still get a 401. When I check the APIG logs I see an 'UNAUTHORIZED' message. If I try to see the logs of the authorizer function there arent any logs. |
@edlgg even with some console logs in there, it's not getting invoked? It should i reckon. There's probably an issue with the JWT being sent with the request or some other subtle error. Remember with an authorizer, last time i checked, you cant send back a custom error message. Curious what does this log when added to the authorizer function:
|
Closing this issue since it's quite stale. Please refer to the Serverless Forums or Gitter where issues like this can be discussed with our broad developer community. |
Hello,
This question has probably been asked hundreds of times but I cant seem to make it work. I have a post serverless function but I keep getting a cors error not matter what I do. When I test it on post man it works correctly.
function
Front end code
Custom Authorizer
Error
The text was updated successfully, but these errors were encountered: