All work

Select view

Select search mode

 
50 of 851

Add CORS support for REST API.

Description

The deployed REST API needs to support CORS so it can be accessed from localhost in the browser. (Testing from non-browser clients such as the VSCode REST Client extension ignores/bypasses CORS. See generally https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS .

This will have two parts:

  • The Cognito authorizer will need to send back the correct origin allowed domain(s) CORS header(s) in any 401 or similar responses or similar if the request doesn’t contain authorization information; otherwise a browser will keep the code that made the request from seeing the response. See my question https://stackoverflow.com/q/79614609 . The solution is probably in the comments of https://github.com/serverless/serverless/issues/3896, namely configuring the API Gateway to allow all origins (i.e. *) for 4xx and 5xx responses.

  • The service Lambda code needs to be updated to add the appropriate CORS header(s) with responses. Ultimately this means Flange Cloud will need an elegant way to configure what domain it’s using and pass that domain to the Lambda in an environment variable. In the short term, detecting that a Flange dev profile is active and adding localhost as an allowed origin will probably suffice for this ticket.

Environment

None

Details

Assignee

Reporter

Fix versions

Priority

Created 15 hours ago
Updated 42 minutes ago

Activity

Flag notifications