Enabling CORES in a Lambda Proxy

The Problem

Preflight OPTIONS requests are blocked by CORS policy when using Cognito to authorize requests to an API Gateway ANY method.

The Solution

Add an unauthenticated lambda proxy OPTIONS method to your API Gateway. Then add the appropriate cors headers to the request response from within your application.

Adding The Method

  • Go to the AWS API Gateway console
  • Under the Actions dropdown, choose Create Method
  • Select OPTIONS from the drop-down
  • Click the checkmark next to the dropdown box.
  • In Lambda Function, choose the region and lambda function that proxies to your app.
  • Click Save
  • Under the Actions dropdown, select Deploy API and use the next window to deploy your API.

Adding CORS Headers In Your App

With the above change, requests will now be passed to your application which will be responsible for adding the desired CORS headers. A maximally permissive set of headers is provided here as a reference. You may adjust based on your specific needs:

(def cors-headers {"Access-Control-Allow-Origin" "*"
                   "Access-Control-Allow-Methods" "GET, PUT, PATCH, POST, DELETE, OPTIONS"
                   "Access-Control-Allow-Headers" "Authorization, Content-Type"})