amazon-web-servicesaws-lambdaamazon-gateway

Pass session cookie to AWS Lambda using Amazon Gateway HTTP API


I have an Amazon Gateway HTTP API with AWS Lambda integration, which I created with these AWS CLI commands:

aws apigatewayv2 create-api --name test --protocol-type HTTP --target arn:aws:lambda:...

aws apigatewayv2 get-integrations --api-id {API_ID}

aws lambda add-permission \
 --statement-id api-invoke-lambda \
 --action lambda:InvokeFunction \
 --function-name "arn:aws:lambda:..." \
 --principal apigateway.amazonaws.com \
 --source-arn "arn:aws:execute-api:..."

aws apigatewayv2 update-api --api-id {API_ID} --cors-configuration AllowCredentials=true,AllowOrigins="https://..."

I call the lambda with AJAX and I would like to pass the session cookie in the request. Is this possible?

The AJAX call:

$.ajax({
    url: 'https://{API_ID}.execute-api.....amazonaws.com/',
    type: 'POST',
    data: { },
    dataType: 'json',
    xhrFields: { withCredentials: true }
});

Solution

  • You're posting to an https://{API_ID}.execute-api.....amazonaws.com/ URL, instead of your own custom URL. The browser will never send the cookie to that URL unless you are also setting the session cookie from another API Gateway URL. If you are setting the session cookie from another domain name, the browser will never pass it to that API Gateway URL.