CORS Pre-flight checks OPTIONS error from AWS Gateway API
I am struggling to resolve a '403' error: '... has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status'
Any advice on how I can debug or what I could be missing is appreciated
Tests conducted thus far:
My lambda function in AWS responds with the correct headers:
OPTIONS CURL TEST:
Copied failed axios command as CURL (cmd) from chrome dev tools :
- (this does not work in command line, curl responds with: 'curl: (3) URL using bad/illegal format or missing URL' )Copied failed axios command as fetch from chrome dev tools:
And postman response to prove without cors, the functions works:
Other info:
I have validated the url, x-api-key etc many times, and tried different configurations of the axios request, all result in the same response, see the following image of the axios request
A few images from APIGateway showing the requests and integrations:
OPTIONS request/response in the browser (suggested by Quentin ):
My Current lines of reasoning:
- Maybe there is an additional security setting I need to define in my cloudwatch template?
- Maybe there is a bug in webpack with next.js / axios 0.27.2 / node 16.14.0 . - I have found a near- identical response mentioned HERE
The 403 error is due to the OPTIONS response x-api-key not being expected by the web browser for pre-flight checks
Once I disabled the global x-api-key required in the cloudformation template via:
Auth:
ApiKeyRequired: false
The result as shown here; on the console depicts OPTIONS -> API Key 'Not Required'
-The response succeeded!
In conclusion, api-gateway interferes with the expected preflight process via it's default copnfiguration.
Be warned!
There is however a snag outside the scope of this question, in that multiple people have report difficulting enabled ApiKeyRequired for POST and not OPTIONS. This is a cloudformation issue (Please see linked sources below for more details)
UPDATE:
In conducting further research, enough people complained March 2022 with this exact problem, a specific flag 'AddApiKeyRequiredToCorsPreflight' was then added.
Example here
Discussion Sources:
- How can I create dynamic metadata for a user profile page in nextjs 15 when using use client
- NextJs: Nginx returning 404 on API routes
- Next.js 15 dynamic page is cached without using any caching
- How to Use Nextjs Middleware Matcher Redirect Users
- The state of the Next Js component is not updated
- Next.js server side component request, how to send my cookie token?
- npx create-next-app@latest is giving errors
- fabricjs: how to use loadSVGFromURL with react useEffect?
- Issues with Dependencies in Firebase App Hosting and Cloud Functions Deployments for Next.js App
- Use Axios with NextJS 15 Server Action Function
- Next.js (v13) | rewrite and redirect does not work in the Middleware. -> when reques from page (run) but from api (not work)
- shacn ui cmdk command component not working on react 19 RC and Next.js 15
- How to handle file uploads with react-hook-form and zod in Next.js when passing file data to a use server function?
- Wrapping with React.StrictMode in Next.js
- ReferenceError with lottie-react on Next.js 13 - SSR Incompatibility?
- Next.js static chunks 503 service unavailable issues when refreshing pages. Intermittent
- Why is there .php files in my Nextjs v14 static site which is deployed on Vercel?
- Proper eslint configuration under NextJS 15
- Why is Next.js throwing Error: WEBPACK_IMPORTED_MODULE is not a function?
- Next.js 14.x middleware.ts not triggering
- Next JS 14 nextAuth getServerSession not working
- TypeError: can't access property "name", record.section is undefined
- Build error right after creating a Next.js 15.0.1 project
- NextAuth 5: Host must be trusted
- Vercel Production Branch is stripping Authorization header on POST to Serverless Function API
- How to bring back Nextjs 15 static indicator
- How do you put api routes in the new app folder of Next.js?
- How to get the current pathname in the app directory of Next.js?
- ThemeProvider from NextUI causing Warning: Extra attributes from the server: class,style
- typescript error using @material-tailwind/react with nextjs14