Application Load Balancer CORS

Khazuar · February 13, 2020, 3:45pm

Hi, we’re using an AWS ALB (application load balancer) to orchestrate access to some preexisting services of ours which are running in AWS ESC containers. I now wanted to add a serverless node.js application for a few new endpoints and just “hook” it into the ALB. That works fine when I access the api via postman, but if I try accessing this new endpoint from the frontend I get CORS issues. All the help-articles I found so far are about how to enable CORS with the AWS ApiGateway, using serverless with an ALB already seems like quite an exotic setup and I find just little information on it in general .
If I try to set the CORS headers in the serverless handlers, the ALB will respond with a 502 BAD GATEWAY response, indicating it didn’t like what the lambda returned. The ALB also doesn’t seem to support the “cors: true”-setting for the yml-files. Am I doing anything wrong here?

shadrech · February 18, 2020, 12:32am

I ended up implementing CORS manually myself. Essentially a cors request is a OPTIONS call to your server with your url before the actual POST/GET request. So I just applied this rule to capture all OPTIONS requests:
- alb:
listenerArn: !Ref ALBListener
priority: 1
conditions:
path: /*
method:
- OPTIONS
The handler function would then return headers with cors info:
callback(null, {
statusCode: 200,
statusDescription: ‘OK’,
isBase64Encoded: false,
headers: {
‘Content-Type’: ‘application/json’,
‘Access-Control-Allow-Origin’: ‘’,
‘Access-Control-Allow-Headers’: '’,
‘Access-Control-Allow-Methods’: ‘*’
}
});
Obvs in production you probably want to not have so many wildcards. I think also in every response in other requests I had to include these headers to make everything work.

rigobertocontreras · October 26, 2020, 7:07pm

Thanks shadrech that one works

aditya-tezsure · April 1, 2021, 7:57am

@rigobertocontreras @shadrech guys where you add the above specified option on AWS ALB ?
Kindly mention the steps please.

jamesdmorgan · May 27, 2021, 3:07pm

@aditya-tezsure the rules are defined against the listener. In the console if you click View/edit rules you can add the OPTIONS bypass IF Http request method is OPTIONS

vseltser · December 7, 2021, 4:21pm

Hello folks, could pls provide screen shots on how to get to ALB rules settings in more details - having trouble finding it, thks

awsguru · August 12, 2022, 6:03pm

@shadrech @jamesmorgan can one of you provide a little more information on how you are doing this? We have created the lambda function and the first rule in the ALB for the OPTIONS method, but we are not seeing how to use those headers with the next request in rule 2.

Topic		Replies	Views
Default cors configuration not working, had to manually add more headers Serverless Framework aws	0	2128	October 1, 2017
CORS question on using a REACT app with Serverless Framework Serverless Framework lambda , cors , api-gateway	0	588	April 6, 2022
CORS header ‘Access-Control-Allow-Origin’ missing from response when using Serverless Framework and AWS Serverless Framework aws , lambda , cloudformation , api-gateway	0	309	February 21, 2024
Request intermittently not including 'access-control-allow-origin' header in response Serverless Framework aws , lambda , cors , api-gateway	1	812	April 28, 2022
HTTP requests working post but not failing on CORS for get Serverless Framework lambda , cors , api-gateway	1	838	August 24, 2022

Application Load Balancer CORS

Related Topics