This error occurs using API Gateway v1 with lambda-proxy.
Browser client is doing a preflight request (option): 502 error
Then the actual request (post): CORS error
My serverless.yaml is configured this way:
functions:
authCreateUserFromAdminHandler:
handler: src/modules/Auth/handlers/createUserFromAdminHandler.handler
events:
- http:
path: auth/createUserFromAdmin
method: post
cors: true
- http:
path: auth/createUserFromAdmin
method: options
cors: true
And my lambda function has this code:
import { InternalUserCognitoService } from './../services/InternalUserCognitoService';
import { InternalUserPrismaService } from './../services/InternalUserPrismaService'
import { APIGatewayEvent, Context } from 'aws-lambda';
import { cognitoGroupNameZodSchema } from '../../../shared/zod/modules/Auth/Auth.zod'
import { ZodError } from 'zod';
import { IBodyHttpResponse, Empty } from '../../../shared/types/RequestResponse/api.types'
export const handler = async (event: APIGatewayEvent, context: Context /*, callback: Function*/) => {
const { email, username, fullname, group } = JSON.parse(event.body || '')
const headers = {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Headers': 'Content-Type,Authorization',
'Access-Control-Allow-Methods': 'GET,POST,PUT,OPTIONS',
'Access-Control-Allow-Credentials': true,
};
if (event.httpMethod === 'OPTIONS') {
// Handle preflight request
return {
statusCode: 200,
headers,
body: null,
};
}
try {
cognitoGroupNameZodSchema.parse(group)
} catch (e) {
if (e instanceof ZodError) {
const body: IBodyHttpResponse<Empty> = {
status: 'error',
message: e.message,
data: {}
}
return {
statusCode: 400,
headers,
body: JSON.stringify(body)
}
}
}
try {
await InternalUserCognitoService.createUserFromAdmin(username, email, fullname, group) // Se crea el usuario con el servicio de AWS Cognito.
await InternalUserPrismaService.createUserFromAdmin(username, email, fullname, group) // Se crea un row en la db con información del usuario.
// Return success message
const body: IBodyHttpResponse<Empty> = {
status: 'success',
message: 'Usuario creado satisfactoriamente y agregado al grupo',
data: {}
}
return {
statusCode: 201,
headers,
body: JSON.stringify(body)
}
} catch (error) {
console.error('Error creating user or adding to group:', error);
const body: IBodyHttpResponse<Empty> = {
status: 'error',
message: 'Error al crear el usuario o agregarlo al grupo.',
data: {
error
}
}
return {
statusCode: 500,
headers,
body: JSON.stringify(body)
};
}
}
I wonder why I’m getting CORS error. From the browser’s console:
Access to XMLHttpRequest at 'https://zgrciu0uce.execute-api.us-east-1.amazonaws.com/dev/auth/createUserFromAdmin' from origin 'http://localhost:5173' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
POST https://zgrciu0uce.execute-api.us-east1.amazonaws.com/dev/auth/createUserFromAdmin net::ERR_FAILED
My client is an SPA with Vue that is running locally (http://localhost:5173/). I don’t know if the error is because I’m running locally, or I have some misconfiguration. Any help?