CORS Pre-flight checks OPTIONS error from AWS Gateway API
I am struggling to resolve a '403' error: '... has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status'
Any advice on how I can debug or what I could be missing is appreciated
Tests conducted thus far:
My lambda function in AWS responds with the correct headers:
OPTIONS CURL TEST:
Copied failed axios command as CURL (cmd) from chrome dev tools :
- (this does not work in command line, curl responds with: 'curl: (3) URL using bad/illegal format or missing URL' )Copied failed axios command as fetch from chrome dev tools:
And postman response to prove without cors, the functions works:
Other info:
I have validated the url, x-api-key etc many times, and tried different configurations of the axios request, all result in the same response, see the following image of the axios request
A few images from APIGateway showing the requests and integrations:
OPTIONS request/response in the browser (suggested by Quentin ):
My Current lines of reasoning:
- Maybe there is an additional security setting I need to define in my cloudwatch template?
- Maybe there is a bug in webpack with next.js / axios 0.27.2 / node 16.14.0 . - I have found a near- identical response mentioned HERE
The 403 error is due to the OPTIONS response x-api-key not being expected by the web browser for pre-flight checks
Once I disabled the global x-api-key required in the cloudformation template via:
Auth:
ApiKeyRequired: false
The result as shown here; on the console depicts OPTIONS -> API Key 'Not Required'
-The response succeeded!
In conclusion, api-gateway interferes with the expected preflight process via it's default copnfiguration.
Be warned!
There is however a snag outside the scope of this question, in that multiple people have report difficulting enabled ApiKeyRequired for POST and not OPTIONS. This is a cloudformation issue (Please see linked sources below for more details)
UPDATE:
In conducting further research, enough people complained March 2022 with this exact problem, a specific flag 'AddApiKeyRequiredToCorsPreflight' was then added.
Example here
Discussion Sources:
- In NextJS while using TailwindCSS some components are taking different width
- How to redirect if the param is not present Next.JS
- Error: Could not resolve various Storybook dependencies with Storybook 8 and PNPM
- NextAuth: how to return custom errors without redirection
- How to create search in ui/shadcn?
- Cannot destructure property 'store' of 'useReduxContext(...)' as it is null
- How to export structured notes (image + text) from a Next.js app to Apple Notes?
- Are Next.js 13.4 Server Actions just a way to run api calls on the server side instead of the client side?
- next/image does not load images from external URL after deployment
- In hosting Next.js app to Vercel, backend API is not working
- How to detect change in the URL hash in Next.js?
- Pagination Navigation Not Displaying All Pages in React Component
- router.push() is not working as expected NextJS
- React 18: Hydration failed because the initial UI does not match what was rendered on the server
- Toast notification not triggering in Next.js contact form despite successful route and form submission
- Production build fails: Type error: Property 'companies' does not exist on type 'PrismaClient ...... whereas local build passes
- Next Image is not being displayed
- Connection Refused Between SSR Next.js and Laravel API
- Receiving attempted import error for JWT in Next.js
- callbackUrl not working in auth.js signin
- NextAuth Error 'MISSING_NEXTAUTH_API_ROUTE_ERROR' in Next.js 13 (app route)
- Warning: Text content did not match. Server: "I'm out" Client: "I'm in" div
- Next js with react-leaflet window is not defined when refreshing page
- Nextjs with react-leaflet - SSR, webpack | window not defined, icon not found
- react-select: How do I resolve “Warning: Prop `id` did not match”
- Dynamic meta deta is not updating as expected due to production static site generation
- How to remove Query Params
- Next js set query param. Why this way?
- How can I update the Session info on Every Refresh?
- How to use multiple middlewares in Next.js using the middleware.ts file?