Serverless custom auth fetch call denied, works with Postman

https://stackoverflow.com/questions/56315171/serverless-custom-auth-fetch-call-denied-works-with-postman

I have set up 2 Lambda functions:

  1. User Auth (which also acts as a custom auth)
  2. List websites

Following is the setup for:

function(1):

functions:
  userAuth:
    handler: handler.auth
    role: ${env:ARN_LAMBDA}
    events:
      - http:
          method: post
          path: auth
          cors:
            origin: '*'
            headers: # <-- Specify allowed headers
              - Content-Type
              - X-Amz-Date
              - Authorization
              - X-Api-Key
              - X-Amz-Security-Token
              - X-Amz-User-Agent

function(2):

functions:
  listWebsites:           # function name not given in the question; assumed here
    handler: handler.list # handler name assumed
    events:
      - http:
          path: /
          method: get
          cors:
            origin: '*' # <-- Specify allowed origin
            headers: # <-- Specify allowed headers (Authorization listed once)
              - Content-Type
              - X-Amz-Date
              - Authorization
              - X-Api-Key
              - X-Amz-Security-Token
              - X-Amz-User-Agent
          authorizer:
            arn: arn:aws:lambda:ap-southeast-1:<arnno>:function:users-${opt:stage}-userAuth
            resultTtlInSeconds: 0 # no caching of the authorizer's verdict
            identitySource: method.request.header.Authorization
            type: request

I have also added the following for handling CORS requests at the Serverless API Gateway level for both functions (Your CORS and API Gateway survival guide):

resources:
  Resources:
    GatewayResponseDefault4XX:
      Type: 'AWS::ApiGateway::GatewayResponse'
      Properties:
        ResponseParameters:
          gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
          gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        ResponseType: DEFAULT_4XX
        RestApiId:
          Ref: 'ApiGatewayRestApi'

When I run the request using the “Authorization” header via Postman, it works fine. But when I do the same thing as a fetch request, I get a 403 failure.

Any idea, what I am missing here?

Any help will be highly appreciated :).

Since things seem to work via Postman but not via browser-based fetch, it seems like a CORS issue. What seems to be missing is the Access-Control-Allow-Credentials header being allowed. That may be what's causing your issue.
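An added example (mine, not code from the question or the answer) that models the browser's CORS decision so the Postman-versus-fetch gap can be reproduced offline. Postman sends the Authorization header straight to the endpoint; a browser first issues an OPTIONS preflight, and afterwards blocks any response, the authorizer's 403 included, that lacks an acceptable Access-Control-Allow-Origin, which is exactly what the DEFAULT_4XX GatewayResponse in the question exists to fix. The policy object mirrors the question's cors: block; the origin https://app.example.test, the request object and the stage/readable fields are constructed for this example, and the credentialed-request rule (wildcard origin rejected, Access-Control-Allow-Credentials required) is the browser behaviour behind the answer's suggestion.

```javascript
"use strict";

// Policy as the question's serverless.yml `cors:` block expresses it
// (constructed copy: wildcard origin, explicit header allow-list, no credentials).
const gatewayCorsPolicy = {
  allowOrigin: "*",
  allowMethods: ["GET", "OPTIONS"],
  allowHeaders: ["Content-Type", "X-Amz-Date", "Authorization", "X-Api-Key",
                 "X-Amz-Security-Token", "X-Amz-User-Agent"],
  allowCredentials: false,
};

// Headers the gateway's OPTIONS (preflight) reply carries for a policy.
function preflightHeaders(policy) {
  const h = {
    "access-control-allow-origin": policy.allowOrigin,
    "access-control-allow-methods": policy.allowMethods.join(","),
    "access-control-allow-headers": policy.allowHeaders.join(","),
  };
  if (policy.allowCredentials) h["access-control-allow-credentials"] = "true";
  return h;
}

// Headers on the real response. Assumption: the handler sets CORS headers on
// its own 2xx. An authorizer deny never reaches the handler, so its 403 only
// carries CORS headers when a DEFAULT_4XX GatewayResponse adds them.
function actualResponseHeaders(status, policy, default4xxCorsConfigured) {
  if (status >= 400 && !default4xxCorsConfigured) return {};
  const h = { "access-control-allow-origin": policy.allowOrigin };
  if (policy.allowCredentials) h["access-control-allow-credentials"] = "true";
  return h;
}

function csv(v) { return (v || "").split(",").map(s => s.trim()).filter(Boolean); }

// Browser-side origin check, identical for preflight and actual responses.
// Returns null when accepted, otherwise the reason the browser blocks it.
function originProblem(req, h) {
  const allow = h["access-control-allow-origin"];
  if (allow === undefined) return "no Access-Control-Allow-Origin on response";
  if (req.credentials === "include") {
    // Credentialed requests may not use "*": the origin must be echoed back
    // and Access-Control-Allow-Credentials: true must be present.
    if (allow !== req.origin) return "credentialed request: origin must be echoed, wildcard rejected";
    if (h["access-control-allow-credentials"] !== "true") return "Access-Control-Allow-Credentials missing";
  } else if (allow !== "*" && allow !== req.origin) {
    return "origin not allowed";
  }
  return null;
}

// Preflight verdict. Authorization is never a CORS-safelisted header, so any
// fetch() that sets it is preflighted; Postman skips this step entirely.
function preflightAllowed(req, h) {
  const problem = originProblem(req, h);
  if (problem) return { ok: false, reason: problem };
  const methods = csv(h["access-control-allow-methods"]).map(m => m.toUpperCase());
  if (!methods.includes(req.method.toUpperCase()))
    return { ok: false, reason: `method ${req.method} not in Access-Control-Allow-Methods` };
  const allowed = csv(h["access-control-allow-headers"]).map(x => x.toLowerCase());
  const wildcard = allowed.includes("*") && req.credentials !== "include"; // "*" is literal when credentialed
  for (const name of req.headers) {
    if (!wildcard && !allowed.includes(name.toLowerCase()))
      return { ok: false, reason: `header ${name} not in Access-Control-Allow-Headers` };
  }
  return { ok: true, reason: null };
}

// Whole exchange: preflight, real request, authorizer verdict, response check.
// `readable` is whether page script can see the response at all; a blocked
// response shows up in the console as a CORS error, whatever its status was.
function simulateFetch(req, policy, authorizerAllows, default4xxCorsConfigured) {
  const pre = preflightAllowed(req, preflightHeaders(policy));
  if (!pre.ok) return { stage: "preflight", readable: false, status: null, reason: pre.reason };
  const status = authorizerAllows ? 200 : 403;
  const problem = originProblem(req, actualResponseHeaders(status, policy, default4xxCorsConfigured));
  return { stage: "response", readable: problem === null, status, reason: problem };
}

// Constructed request mirroring the question's fetch() call: default
// credentials mode (no cookies cross-origin), just an Authorization header.
const browserRequest = {
  origin: "https://app.example.test",
  method: "GET",
  headers: ["Authorization"],
  credentials: "same-origin",
};

console.log("authorizer allows:", simulateFetch(browserRequest, gatewayCorsPolicy, true, true));
console.log("denied, no DEFAULT_4XX headers:", simulateFetch(browserRequest, gatewayCorsPolicy, false, false));
console.log("denied, DEFAULT_4XX headers:", simulateFetch(browserRequest, gatewayCorsPolicy, false, true));
console.log("credentials: 'include' vs wildcard:", simulateFetch({ ...browserRequest, credentials: "include" }, gatewayCorsPolicy, true, true));
```

The second and third runs show why the GatewayResponse matters: without it the authorizer's 403 is invisible to page script and surfaces only as a CORS error, with it the page sees an honest 403 it can act on. The last run shows the case the answer points at: once fetch() is made with credentials: 'include', the wildcard origin is rejected and both an echoed origin and Access-Control-Allow-Credentials: true are required, on the preflight and on every real response including the 4XX ones.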